Securing E-Commerce Networks

E-Commerce operates on and through communications networks, principally the Internet. Therefore, safeguarding the integrity of your Web site and its associated software and data is critical, especially where 24x7 operation is expected.


  • Malicious or opportunistic damage may occur if your network safeguards fail to prevent unauthorised access to your corporate network when you open it up for Web-based e-commerce.

  • Consider establishing a secure area, entirely separate from your internal network, perhaps a DMZ, and configure firewalls and routers to block all network traffic that is not explicitly permitted. Look at the following diagram for guidance.
  • Insist that all administration of the Web site is undertaken only from a dedicated workstation, via a secure network or leased line. See Managing Higher Risk System Access.
  • Add supplementary authentication techniques, such as smart cards, to provide a greater degree of access control to your Web site and its data files.
  • If the network access controls to your Web server are poor, your site may be subject to unauthorised access ('hacked'), leading to theft (e.g. of credit card numbers) or corruption of data.

  • Where your ISP hosts your Web site, detailed safeguards to prevent unauthorised access should be made available and scrutinised for adequacy.
  • Ensure that strong access control procedures are in force to restrict internal access to your Web site. See Access Control Standards.
  • See also Developing a Web Site.
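
The DMZ and dedicated-workstation guidance above can be checked mechanically. The following is an added example, not part of the original guidance: it models a first-match firewall ruleset with a default of deny and probes it for flows the guidance rules out. All addresses, ports, zone names and rule formats are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumptions, not from the page).
ZONES = {"internal": ip_network("10.0.0.0/16"), "dmz": ip_network("192.168.50.0/24")}
WEB = "192.168.50.10"       # Web server in the DMZ
ADMIN_WS = "10.0.9.5"       # dedicated administration workstation
INTERNAL_HOST = "10.0.1.20" # ordinary internal machine
OUTSIDE = "203.0.113.7"     # arbitrary Internet host (documentation range)
ADMIN_PORT, DB_PORT = 22, 3306

def zone_of(addr):
    ip = ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "internet")

def _hit(spec, addr):
    # A rule endpoint is "any", a zone name, or a single host address.
    return spec in ("any", addr, zone_of(addr))

def decide(rules, src, dst, port, default="deny"):
    """First matching rule wins; traffic no rule names gets the default."""
    for action, r_src, r_dst, r_port in rules:
        if _hit(r_src, src) and _hit(r_dst, dst) and r_port in ("any", port):
            return action
    return default

def audit(rules):
    """Probe a ruleset for flows the guidance says must not be possible."""
    findings = []
    for port in (ADMIN_PORT, 80, 443, DB_PORT):
        for src in (OUTSIDE, WEB):
            if decide(rules, src, INTERNAL_HOST, port) == "allow":
                findings.append(f"{zone_of(src)} -> internal allowed on port {port}")
    for src in (OUTSIDE, INTERNAL_HOST):
        if decide(rules, src, WEB, ADMIN_PORT) == "allow":
            findings.append(f"admin port reachable from {src}")
    if decide(rules, OUTSIDE, WEB, DB_PORT) == "allow":
        findings.append("unpublished port open from internet")
    return findings

# Rules are (action, source, destination, port).
WEAK = [("allow", "any", "dmz", "any"), ("allow", "dmz", "internal", DB_PORT)]
HARDENED = [
    ("allow", ADMIN_WS, WEB, ADMIN_PORT),  # administration from one workstation only
    ("allow", "any", WEB, 80),
    ("allow", "any", WEB, 443),
]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(rules) or "no findings")
```

The weak ruleset opens the whole DMZ and lets the Web server reach an internal database port, so a compromise of the Web server extends into the internal network; the hardened ruleset names each permitted flow and leaves everything else to the default deny.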
Use of the guidance contained within RUSecure™ is subject to the End User Licence Agreement