Page 330 - Introduction to Electronic Commerce and Social Commerce
10.6 Defending Information Systems and E-Commerce 317
Figure 10.9 The two firewalls: DMZ architecture (Internet, modem, external firewall, DMZ containing the public server (e.g., FTP), internal firewall, private (enterprise) network)
systems (e.g., large relational databases). Traditionally, communications with the company would have taken place over a secure but expensive value-added private leased line or through a dial-up line connected to modems or a remote access server (RAS). Unfortunately, using the Internet instead, which is free, may not be secure. A more secure use of the Internet is provided by using a VPN.

A virtual private network (VPN) refers to the use of the Internet to transfer information, but in a more secure manner. A VPN behaves like a private network by using encryption and other security features to keep the information secure. For example, a VPN verifies the identity of anyone using the network. For details on VPNs, see searchenterprisewan.techtarget.com/definition/virtual-private-network.

Dealing with DoS Attacks

DoS attacks, as described earlier, are designed to bombard websites with all types of useless information, which clogs the sites. The faster a DoS attack is discovered, the easier the defense. DoS attacks grow rapidly, so detecting an intrusion early helps. Since there are several types of DoS attacks (e.g., DDoS), there are several defense methods. For examples, see learn-networking.com/network-security/how-to-prevent-denial-of-service-attacks. Intrusion detection software also identifies the DoS type, which makes the defense easier and faster.
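To show how an intrusion detector can spot a flood early and identify the DoS type, as the section above describes, here is an added example that is not from the textbook: a small Python scanner over constructed web-server access-log lines that distinguishes a single-source DoS from a distributed DDoS. The thresholds, window length, IP addresses and log lines are all invented for this illustration.

```python
"""Toy IDS-style DoS/DDoS detector over access logs (added, constructed example): flag a
flood early and tell a single-source DoS from a distributed DDoS to pick the right response."""
import re
from collections import Counter, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: client IP, ident, user, [timestamp] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3}')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
WINDOW_SECONDS = 10     # constructed: length of the sliding window
PER_SOURCE_LIMIT = 20   # constructed: one source at/above this in a window -> DoS
TOTAL_LIMIT = 60        # constructed: total at/above this from many sources -> DDoS
MIN_SOURCES = 5         # constructed: distinct sources needed to call it distributed

def parse_line(line):
    """Return (epoch_seconds, client_ip) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return (datetime.strptime(m.group("ts"), TS_FMT).timestamp(), m.group("ip")) if m else None

def classify_window(events):
    """Classify the (ts, ip) events of one window as DoS, DDoS or none."""
    per_source = Counter(ip for _, ip in events)
    total = sum(per_source.values())
    top_ip, top_count = per_source.most_common(1)[0] if per_source else (None, 0)
    if top_count >= PER_SOURCE_LIMIT:  # one client hammering the site
        return {"type": "DoS", "sources": [top_ip], "requests": top_count}
    if total >= TOTAL_LIMIT and len(per_source) >= MIN_SOURCES:  # many modest clients
        return {"type": "DDoS", "sources": sorted(per_source), "requests": total}
    return {"type": "none", "sources": [], "requests": total}

def detect(lines):
    """Scan the log in time order; return the first DoS/DDoS verdict, else the final 'none'."""
    events = sorted(e for e in map(parse_line, lines) if e)
    window = deque()
    for ts, ip in events:
        window.append((ts, ip))
        while ts - window[0][0] > WINDOW_SECONDS:  # drop events older than the window
            window.popleft()
        verdict = classify_window(window)
        if verdict["type"] != "none":
            return verdict
    return classify_window(window)

def sample_lines(ips_per_second):
    """Constructed log builder: ips_per_second[i] lists the client IPs seen in second i."""
    base = datetime(2023, 10, 10, 13, 55, tzinfo=timezone.utc)
    lines = []
    for sec, ips in enumerate(ips_per_second):
        ts = (base + timedelta(seconds=sec)).strftime(TS_FMT)
        lines += [f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512' for ip in ips]
    return lines
```

A real deployment would tune the thresholds to normal traffic for the site and feed the verdict to rate limiting or upstream filtering, which is where knowing the DoS type matters.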
Intrusion Detection Systems (IDS)

No matter how protected an organization is, it still can be a target for attempted security attacks. For example, most organizations have antivirus software, yet they are still subjected to attacks by new viruses. This is why an organization must continually monitor for attempted, as well as actual, security breaches. The monitoring can be done by using intrusion detectors.

An intrusion detection system (IDS) is a device composed of software and/or hardware designed to monitor the activities of computer networks and computer systems in order to detect and define unauthorized and malicious attempts to access, manipulate, and/or disable these networks and systems. For details on the technology, its benefits, and its limitations, see searchsecurity.techtarget.com/guides/Introduction-to-IDS-IPS-Network-intrusion-detection-system-basics.

The Defense III: General Controls, Spam, Pop Ups, and Social Engineering Controls

The objective of IT security management practices is to defend information systems. A defense strategy requires several controls.

The major types of controls are: (1) general controls, which are designed to protect all system applications, and (2) application controls, which guard specific applications. In this and the following sections, we discuss representative types of these two groups of information system controls. Later in the section, we cover spam and fraud mitigation.