Project Resources And Information Gathering


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

The project is based on E-commerce Payment Gateway infrastructure. The aim of this project is to describe how an e-commerce Payment Gateway (PG) infrastructure operates in order to make e-business successful. Nowadays e-commerce is in high demand in the banking sector, due to the high growth of e-businesses. However, providing the infrastructure alone is not enough; security is very important when implementing such a system because it consists primarily of financial transactions.

This project will describe what an E-commerce payment gateway infrastructure is and how it functions, and will analyze in detail how the system is built, its components, how the service is provided and, mainly, to what extent it is secured, thus ensuring secure transactions between banks and their customers.

Overview of Ecommerce, payment gateway and e-business

E-commerce is an emerging concept that describes the process of buying, selling or exchanging products, services, and information via computer networks, including the internet. It is the application of technology toward the automation of business transactions and workflow. E-commerce is best suited to electronic payments; when buying goods online, a mechanism to pay online is required. That is where payment processors and payment gateways are applicable. Electronic payments reduce the inefficiency associated with writing and mailing checks. They also do away with many of the safety issues that arise from payments made in currency notes.

A payment gateway is an e-commerce application service provider that authorizes payments for e-businesses, online retailers, and ‘bricks and clicks’. Payment gateways allow merchants to list merchandise or services online and automatically process credit cards, debit cards or other forms of payment without so much as lifting a finger.

E-business (Electronic Business) is the term used to define how business operates via the internet. It might consist of simple mail exchange between staff or communication with suppliers via the internet. A business is referred to as an e-business even if it is not involved in buying and selling over the internet, because the term relates to any business activities that are executed via the internet. For example, a successful business might introduce a website for business promotion without selling products directly via the internet.

Project Resources and information Gathering.

The project is an experimental one. It describes and explains the mechanism of an E-commerce Payment Gateway Infrastructure and also concentrates on the security feature at various stages of the e-commerce system.

The samples and screenshots included in the project are based on a real company which is currently developing a new E-commerce Payment Gateway. Information has been used, with the consent of the company's IT Management team, for samples only in the appendix section.

Literature Review

Implementing the E-commerce Payment Gateway Infrastructure requires selecting the appropriate hardware, software, applications and IT technologies. Applying the best combination of these will help to implement an efficient, effective and secure E-Commerce Payment Gateway System architecture. The list below gives an overview of the products and technologies which will be used to implement the Payment Gateway System.

Server infrastructure

Virtualization Technology

Server OS platform & configuration

Network Infrastructure

Internet Service

Security infrastructure

Web Architecture

Application Development

Database System

Disaster Recovery

Infrastructure Architecture

This section describes the implementation of the various sections of the Payment Gateway. At each stage of the infrastructure, appropriate components, technologies and services will be used to produce a solid platform, so that integrating the full layout at the end will produce a robust and secure E-commerce Payment Gateway. The four main infrastructures required are:

System Infrastructure

Network Infrastructure

Application infrastructure

Security Infrastructure

System Infrastructure

System Architecture is the overall design and structure of the system platform. It can be implemented directly on physical servers or by using the latest technology, known as virtualization.

The proposed system infrastructure will be a virtualized system. The e-commerce Payment Gateway (PG) will be implemented on a virtualized infrastructure rather than on a physical system.

Why Virtualization?

Virtualization enables the sharing and/or aggregation of physical resources, such as operating systems, software, and IT services, in a way that hides the technical detail from the end users and reduces the per unit service cost. Because the virtualization system sits between the guest and the hardware, it can control the guest’s use of CPU, memory, and storage, even allowing a guest OS to migrate from one machine to another.

The physical server which will best suit the system layout will be the Dell PowerEdge R720 server.

A Windows-based operating system will be used to host the system. Windows Server 2008 R2 will best suit the virtualized environment. The key reason why this version of the Microsoft Server operating system has been selected is that it provides a free virtualization feature known as Hyper-V.

The physical server will run the Server 2008 R2 operating system, on which the Hyper-V role will be installed to create the virtualized environment. With the virtualized platform in place, the Payment Gateway servers will be implemented on the virtual platform rather than on physical servers.

Database Server

The database is very critical for any Payment Gateway, because it holds sensitive personal and financial information such as credit card details and customer private data. It is a means of storing and presenting large amounts of information. The key factor which needs to be considered is data redundancy. In case of a sudden failure of the database server, the entire system will be paralyzed, causing loss on both the PG and the bank side, because both parties rely on the database, which stores all the transactions.

For this reason, it is mandatory to have the database server in failover mode. The primary DB will store the transactions, while being replicated to the secondary DB server at a defined interval, which can be every 15 minutes. In case of a sudden failure of the primary DB server, the secondary server automatically becomes active, without causing any downtime in the system.

The key factor for the DB servers will be storage capacity, due to the high volume of data which will be stored.

The E-commerce system will have a series of Software requirements, based on specific server’s roles and services.

Details are as follows:

The system will be hosted on a Microsoft platform. As defined previously, the main Hyper-V server has a Server 2008 R2 Enterprise Edition operating system, with the Hyper-V role assigned. The main role of this server is to host the virtual client servers. Hyper-V Manager is configured to administer the client servers.

The Web Server will have the Server 2008 R2 Standard Web Edition operating system. The server will be assigned the IIS server role, in order to host the Payment Gateway website. IIS Manager will be installed to manage and maintain the PG website. .NET Framework 4.0 will also be installed to simplify deployment of the Web Server.

The Application Server will have the Server 2008 R2 Standard Edition operating system. Visual Studio 2010 will be installed for application debugging and changes. .NET Framework 4.0 and Java 6 will be installed to support the PG application implementation.

The Database Server will have a Server 2008 R2 Standard Edition operating system. SQL 2008 database software will be configured to implement the PG database system. The SQL Server manager will be installed to ease DB administration. Java 6 and .NET Framework 4.0 will be configured to establish communication between the DB and the application modules.

Network Infrastructure of the E-Commerce System

Network infrastructure refers to hardware and software resources of an entire network that enable network connectivity, communication, operations and management of enterprise network. It provides the communication path and services between users, processes, applications, services and external networks.

The network infrastructure for the PG will comprise an internal and an external network. A secured network infrastructure needs to be implemented, because the security of the E-commerce site depends on the security of both the internal systems and the external networks.

A list of networking hardware resources is required to implement a robust and fault-tolerant network in order to ensure confidentiality, integrity, and availability while using the Payment Gateway.

Network Hardware Devices

Firewall

A firewall is a protective shield that resides between the organization's network and the Internet. Proper firewall usage prevents unauthorized use of and access to the network. The task of a firewall is to carefully analyze data going in and out of the network based on the applied configuration parameters. It discards traffic that comes from unsecured, unknown or suspicious locations. A firewall has a key role in any network infrastructure because it provides a protective barrier against most forms of attack coming from the Wide Area Network (WAN).

A firewall can be either software-based or hardware-based. In the current situation it is recommended to opt for a hardware firewall because the system is critical and needs high security. A Stateful Failover link is configured for the takeover to occur when the primary firewall fails.

The Cisco ASA 5520 hardware firewall appliance will best suit the network environment. The major reasons are network zone creation with different levels of security, VPN connection availability, port management and filtering, and interface management. These are configuration parameters and features which the firewall provides to create a secure network. Further details regarding configuration are provided in the security section.

However, because the firewall is critical and is the main part of the internal and external network, it needs to be implemented in failover mode. A secondary ASA 5520 firewall needs to be implemented with similar configurations and configured in failover mode, so that if the primary firewall fails, the secondary firewall takes over the network without causing any downtime in the network infrastructure. Smart Net will also be taken with both devices; Smart Net acts as a maintenance contract in case of a hardware issue, under which the device is replaced within a defined time frame.

Router

A router is a network device used to establish connections between various networks. The key function of a router is to connect networks together and keep network traffic under control. All transactions from the internet will pass via the router and then through the firewall to reach the production server for processing. The router will have two key jobs:

It needs to ensure that information doesn’t go where it’s not needed. This is crucial for keeping high volumes of data from clogging the network.

The router makes sure that information does make it to the intended destination.

The key part of the network managed via the router will be the WAN connections, with the router acting as a default gateway between the internet and the Payment Gateway system; this will be further elaborated in a later part of the project.

The Cisco 1941 Router will be the appropriate device for the E-commerce system. The Payment Gateway system has continuous mass traffic incoming and outgoing, therefore a strong router is required to handle the workload. The Cisco 1941 has the ability to handle such workloads. It also has a multi-port feature: in case the primary port is faulty, the connection can easily be swapped to a secondary port without major downtime or router replacement.

It even supports fiber optic connectivity, which is recommended for most e-commerce systems to ensure constant and rapid connectivity.

Regarding security, which is the most important feature, it offers a comprehensive suite of VPN technology with IPSec and SSL VPNs enhanced by onboard encryption acceleration, WLAN security support for 802.11i, and threat defense support through firewall and intrusion prevention system (IPS) options, and further includes support for next-generation encryption and cloud-based security.

To ensure no downtime, a Smart Net agreement will be taken with an SLA of one hour; in case of a router failure, it will be replaced instantly.

Network Switch

A network switch is a device that enables multiple computers or networks on the same data connection to communicate. It can handle port transfer rates of 10/100 Mbps or 10/100/1000 Mbps. Multiple network switches can operate at different speeds in one network, but such a configuration can create network bottlenecks and deny possible routes for available data flow.

There are four main types of network switches. Those four main categories of switch are unmanaged switches, managed switches, smart switches and enterprise managed switches. Each of them has their strong and weak features that need to be considered.

An Unmanaged Switch is the low cost solution, mostly used in small office or business. It performs basic functions of handling data flow between workgroup computers or shared peripherals such as network printers. It is available in desktop or rack mounted models.

A Managed Switch has a GUI and CLI interface or tailored management software to modify the switch settings. There are multiple ways of modifying the switch configuration, ranging from a serial console to an Internet-based application. This category of switch requires experienced and trained users for switch administration.

A smart switch sits between an unmanaged and a managed switch. The user interface is web-based and offers most of the popular default settings. Changes in one setting are reflected automatically in the related network settings.

An enterprise-manageable network switch has a variety of adjustable settings to be used throughout the organization's network. These switch models are handled by network specialists and are permanently monitored due to the size and complexity of the network infrastructure.

A managed switch will be used in the network environment of the e-commerce system. The key reasons why a managed switch will best suit the network are that managed switches provide all the features of an unmanaged switch, and more. They offer the ability to configure, manage and monitor the LAN.

A managed switch is also referred to as an intelligent switch. It operates with software to analyze and improve network performance. The benefits of using a managed switch are as follows:

Virtual LAN Networks

VLANs ease network administration. Multiple VLANs can be managed via a single connection; physical location is irrelevant. There is no risk of accidental crossover of data from one VLAN to another, so the security of data is maintained. A VLAN can easily be configured because it is a software solution; no changes to wired connections are needed, unlike with a regular LAN.

For e-commerce in particular, critical servers should be segregated on a high-security VLAN to prevent unauthorized access and breaches of security.

Redundancy

With a managed switch configured in redundant mode, a switch failure can be handled by swapping instantly to a backup switch without any configuration. Protocols such as Spanning Tree help network managers to introduce network redundancy: in case a switch or set of switches fails, traffic is automatically rerouted.

Port Monitoring

Port monitoring is an important feature of a manageable switch. Data from a switch port (even data for an entire VLAN if it is on one port) is sent to a monitoring port on another switch. It helps to detect network intrusions and eases network diagnostics in case of traffic loss or network looping.

IGMP

Internet Group Management Protocol (IGMP) enables a switch to "listen in" (known as IGMP Snooping) on network multicast. In turn the switch diverts traffic only to ports where the attached device has signalled that it wants to listen to the broadcasts. This prevents the network devices from handling unnecessary traffic.

Web Base Management

Web-based management helps to monitor, configure and control the switch remotely via a web browser rather than using expensive and complicated SNMP software products. The simple web browser management option allows the performance of the switch to be monitored and the network configuration to be optimized. Using a web browser, for example, one can configure VPN traffic priority and configure port trunking.

Security

A managed switch permits communication to flow through a network only when required and only to the device which needs it. It allows the creation and management of VLANs, monitoring of traffic problems through port monitoring, and further security-related configurations. For example, switches with Media Access Control (MAC) ID filtering, port locking and password protection help to prevent tampering and trespassing on the network. In case a network is overloaded by device or operating errors, rate limiting or VLANs created on managed switches can limit or isolate the problem.

Cisco Catalyst 3750 switch will be used in the internal network segment of the Payment Gateway infrastructure. It has all the above specified recommended characteristics for a critical network.

Network Implementation Overview

This section provides an overview of the network configurations and network parameters applied to the network devices defined above.

Firewall

The firewall will be the core part of the network system. Parameters will be defined to allow access from the WAN and the LAN. Network traffic passing from the switch to the router needs to be filtered through the firewall before going out on the WAN. Similarly, requests from the WAN trying to access the Payment Gateway System need to pass from the router through the firewall before reaching the PG. Unauthorized access from both networks will be restricted.

Manageable Switch

The main role of the Cisco 3750 switch will be in the Local Area Network, where all production servers and staff workstations interconnect. Another key configuration on the manageable switch will be Virtual LANs (VLANs). VLANs will be used to create the 5 different network segments shown in the network diagram. VLANs are required to assure the security of critical servers, and also to control access on both the internal and external network.

The five VLAN for the Payment Gateway Network are as follows:

Inside Zone VLAN

This VLAN forms part of the critical zone. The security level will be normal, without any restriction. Staff workstations and noncritical servers such as mail and antivirus will be located in this zone. From the Inside VLAN zone, only authorized workstations will be allowed access to the remaining zones.

Demilitarized Zone (DMZ) VLAN

The demilitarized zone is considered a critical zone. The Web server and Application servers will be located in this zone. The DMZ will have the highest security parameters, because its servers will be exposed to the WAN. In our scenario, transactions passing through the internet will reach the E-commerce web server for processing. The DMZ zone normally resists external attacks.

Database Zone

The Database Zone will be used only to host the primary and secondary DB servers. Access will be limited to the DMZ zone only, because transactions being processed by the Application server will be stored in the DB. Database information is very sensitive and critical; for this reason the DB servers are located in a separate zone, where access is limited. If hackers from outside try an SQL injection attack, the server itself won’t be visible from outside, because it is in a hidden zone and access is limited to specific internal IP addresses. Apart from the DMZ, the remaining zones won’t have access to this segment of the network.

Test Zone

The test zone VLAN will be used for the test server environment. All tests, patches and updates will be tried on servers located in the test zone before being deployed to production servers. This will help to ensure that changes will be successful and that there is no risk of failure and downtime. Only developers and system administrators will have access to this zone. Connections from the WAN will be restricted.

Partner Zone

This VLAN will be used to establish communication with the Acquiring Bank, which will work in partnership with the E-commerce system. Successful transactions will be submitted to the bank for acknowledgement. A VPN connection will be used to establish a secure point-to-point connection between our Application server and the bank's settlement server.

Ecommerce Wide Area Network (WAN) Service

The nature of the WAN connection is a key factor for E-commerce success. The PG system operates via the WAN connection; clients worldwide access the E-Commerce link, which needs to be constantly online. Millions of transactions pass through the Web Server in one instance.

The two types of WAN connection which will be used in the system are:

IPSHDSL (Single-pair high-speed digital subscriber line) is a point-to-multipoint service based on ATM and G.SHDSL technology, used for carrying data traffic. The key reasons why this service has been chosen are:

It is based on a fiber optic connection, therefore providing a high-speed connection. In our case, we will opt for a 4MBS dedicated data connection, which can handle a heavy amount of traffic during peak production hours.

With fiber optic connections there is little or no chance of circuit failure compared to a copper-based frame relay connection.

The key feature of this network service is that it provides public IP and DNS name pointing service, which is a key requirement for the E-commerce system. These services aren’t available in normal business ADSL network package.

Overview of Configurations is as follows:

The IPSHDSL connection will be relayed from the Internet Service Provider (ISP) to the Cisco 1941 router, which in turn will divert the traffic to the firewall. The fiber optic cable from the ISP backbone will connect to the fiber optic port of the 1941 router. A public IP address will be assigned to the fiber optic circuit for Domain Name (DNS) resolution.

The DNS name which will be used in our scenario will be "Secure.soft-connect.biz". The DNS name should be purchased from a domain name provider, and the ISP requested to point that domain name to our public IP address, which in turn will be natted to the Web server's internal IP address. When a client types the link secure.soft-connect.biz in their web browser, it will resolve to the public IP address configured on the router, and the request will be diverted through the firewall to the DMZ zone, reaching the PG Web server.

A sample of the configuration parameters to be applied on the IPSHDSL router is as follows:

"Static (DMZ, Outside) 197.227.4.17 192.168.20.19 netmask 255.255.255.255"

The IPSHDSL WAN connection will be dedicated to the E-Commerce platform only, to ensure rapid and continuous availability. For this reason a secondary WAN connection needs to be considered for normal browsing and internet usage.

Business ADSL will be the secondary WAN connection. It is required for normal user browsing and for downloading server updates, files and fixes. This network service doesn’t provide a public IP address or DNS pointing; it is used only for normal internet usage. A bandwidth capacity of 2Mbs should be sufficient. The Cisco 1941 router will be used to host the ADSL connection. Requests from users who want to download or browse will reach the firewall, which will divert the traffic to the ADSL circuit.

If the IPSHDSL circuit were used for both the E-commerce platform and normal internet usage, the risk of network slowness would be higher.

Virtual Private Network (VPN)

A Virtual Private Network is a means of allowing a user to access the internal network of the organization via the internet in a highly secure way. A VPN allows users who are outside the LAN to access resources inside the network securely. A tunnel is created that wraps data packets destined for the internal network, and those packets are then encrypted to be sent via the internet.

A connection between the Acquiring Bank and our Payment Gateway infrastructure is required to validate transactions. Establishing a normal WAN connection via the internet is too risky; for this reason a secure connection needs to be established.

A point to point VPN will be established between Bank and our Infrastructure.

Network Parameters will be configured on our ASA Firewall and on Bank firewall to allow secure communication between the defined zone.

The above WAN services will be provided by Local ISP, Mauritius Telecom.

Network Security

A secured network is very important for any e-commerce infrastructure. Clients need to trust the PG in that their information is not going to be stolen or interfered with.

Most importantly, cardholder information should be protected. Network security should be applied on both the LAN and the WAN.

LAN Security measures that will be applied are as follows:

Static IP addressing

Nat of IP address

VLAN Hardening

Port Filtering

Static IP addresses will be used throughout the network. With manual IP addressing, all servers and workstations can easily be managed, and auditing and communication tracking can easily be done. Static IP addressing ensures constant connection between servers.

5 Different pools of static IP addresses will be used which are listed below:

NAT (Network Address Translation) is a method used to modify IP address information during transit. Following the static IP address table above, each VLAN has a different static IP pool, so communication between VLANs will be impossible, which ensures a high security level. Because servers and specific workstations need to interact with machines in other network zones, NAT configurations will be applied only to the required machines.

Sample of Configuration:

Web Server IP address 192.168.20.19 (DMZ Zone)

Database Server : 192.168.90.27 (DB Zone)

Nat Config:

VLAN Hardening

A VLAN can be further hardened by applying a security level to the VLAN zone. Each VLAN interface must have a security level between 0 and 100 (from lowest to highest). The key reason for using security levels is that the IP addresses of critical zones are not disclosed to the network; they can be accessed via the natted IP address only, because their security level is set to high. This measure provides a strong mode of security.

Sample of VLAN Security

DB VLan security = 90

DMZ VLan Security = 50

The web server in the DMZ zone can access the DB server using the natted IP 192.68.20.27 instead of the real IP 192.168.90.27, because the DB zone has a higher security level than the web server's zone.

Database Zone Security Configuration Sample:

interface vlan 3
    nameif Database
    security-level 90
    ip address 192.168.90.0 255.255.255.254

Port filtering refers to port-based traffic control. It is important to control ports on a critical network. Only required ports need to be allowed, to avoid a breach of security. Ports can be controlled on the firewall. For example, for the Web Server only port 443 (HTTPS) is required to process transactions. Port filtering can be applied on the Web Server IP address to allow only HTTPS communication on the Internet. Hackers trying to brute force the server using idle ports from the WAN will fail to do so. Port filtering will be applied on all critical servers, via access list configurations on the firewall.

Access List for Port Filtering

The screenshot below describes how port access for servers is controlled via access list configuration. Only allowed ports are listed in the access lists. Non-listed ports won’t have access to the internet.

Infrastructure Security

After enhancing the security level on the network side, security parameters now need to be applied at infrastructure level to ensure the E-commerce platform is working in a fully protected environment.

Some key security features are as follows:

Installation of antivirus on all servers and LAN workstations

Antivirus is software used to detect, prevent and remove malicious programs. It helps to protect servers and workstations against worms, viruses, Trojan horses, and other unwanted programs. It is mandatory to protect an E-commerce environment against such threats. McAfee Enterprise 8.8 Antivirus Software will be installed on all servers and workstations to ensure a safe environment.

There are other antivirus products; McAfee has been selected because it has the best features for a critical system. Those are daily product updates, malware alerts with remediation, malware analysis service, chat, phone and web support 24*7, automatic diagnostic and remediation tools, and emergency onsite assistance. These key features ensure that in case of any virus-related issue, instant support is available, thus preventing downtime and breaches of security.

Best practice requires frequent updates of the antivirus software and also regular scanning to ensure a safe working environment.

Antivirus Management Console

The McAfee management console displayed below is used to centrally manage the McAfee Enterprise Antivirus system on all servers and workstations in the E-commerce network.

Disabling Remote Desktop Access

Remote Desktop is a feature of the Windows operating system that allows a user to take control of remote servers and workstations by using their IP address. It provides master access to all contents on the remote computer and often provides features like file transfer and printing. The RDP service uses port 3389.

Although it eases management of servers and workstations, it is a drawback for an e-commerce infrastructure, because it reduces the level of security. Users from both the LAN and the WAN can access the server remotely. It is recommended to disable the RDP role on the servers and also to block RDP port 3389 on the firewall to prevent RDP access from the internet.

Direct access to the servers provides centralized management, and access to critical servers can be better controlled.
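The port filtering rule described earlier (only port 443 towards the Web Server) and the recommendation above to block port 3389 from the internet can both be checked mechanically against the firewall's access list. The Python script below is an added example, not part of the original essay or of the company's configuration: it parses ASA-style access-list lines and flags every permit that exposes the Web Server's public address 197.227.4.17 on anything other than TCP 443. The ACL name outside_in and the sample lines are constructed for illustration.

```python
"""Audit ASA-style extended access-list lines against a port allow-list."""
import ipaddress

# Subset of the port keywords an ASA prints in place of numbers.
NAMED_PORTS = {"www": 80, "https": 443, "ssh": 22}

# Policy taken from the essay: the Web Server (public address 197.227.4.17,
# mapped to 192.168.20.19 in the DMZ) may only be reached on TCP 443.
ALLOWED = {"197.227.4.17": {("tcp", 443)}}

# Constructed sample ACL (the name "outside_in" is an assumption), written in
# the same pre-8.3 style as the essay's "static" line, so it uses public IPs.
SAMPLE_ACL = """\
access-list outside_in extended permit tcp any host 197.227.4.17 eq https
access-list outside_in extended permit tcp any host 197.227.4.17 eq 3389
access-list outside_in extended permit tcp any 197.227.4.16 255.255.255.240 range 80 443
access-list outside_in extended permit ip any host 197.227.4.17
access-list outside_in extended deny ip any any
"""


def _port(tok):
    """Translate a port keyword or number into an integer."""
    return NAMED_PORTS[tok] if tok in NAMED_PORTS else int(tok)


def _take_addr(tok, i):
    """Consume 'any', 'host A' or 'A MASK' at tok[i]; return (network, next i)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}"), i + 2


def parse_rule(line):
    """Parse one extended ACL line; return a dict, or None if not understood.

    Assumption: no source-port operators, object-groups or remarks.
    """
    tok = line.split()
    try:
        if tok[0] != "access-list" or tok[2] != "extended":
            return None
        action, proto = tok[3], tok[4]
        src, i = _take_addr(tok, 5)
        dst, i = _take_addr(tok, i)
        lo, hi = 0, 65535                      # no operator means every port
        if i < len(tok) and tok[i] == "eq":
            lo = hi = _port(tok[i + 1])
        elif i < len(tok) and tok[i] == "range":
            lo, hi = _port(tok[i + 1]), _port(tok[i + 2])
    except (IndexError, ValueError):
        return None
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "ports": (lo, hi)}


def audit(acl_text, allowed):
    """Return (line_no, server, protocol, exposed) for every permit line that
    opens a protected server beyond its allow-list.

    Every permit is reported even if an earlier deny would shadow it, so the
    result is conservative rather than an exact first-match simulation.
    """
    findings = []
    for n, line in enumerate(acl_text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None or rule["action"] != "permit":
            continue
        lo, hi = rule["ports"]
        for server, ports in allowed.items():
            if ipaddress.ip_address(server) not in rule["dst"]:
                continue
            if rule["proto"] not in ("tcp", "udp"):
                # "ip" (or any other protocol) is never on the allow-list.
                findings.append((n, server, rule["proto"], "all"))
                continue
            ok = {p for (pr, p) in ports if pr == rule["proto"]}
            extra = (hi - lo + 1) - sum(1 for p in ok if lo <= p <= hi)
            if extra:
                exposed = str(lo) if lo == hi else f"{lo}-{hi}"
                findings.append((n, server, rule["proto"], exposed))
    return findings


if __name__ == "__main__":
    for line_no, server, proto, exposed in audit(SAMPLE_ACL, ALLOWED):
        print(f"line {line_no}: {server} exposed on {proto} {exposed}")
```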

Using Domain Credentials

A logon account is the account used to access the server. There are two common types of logon account:

Local Account, also known as a workgroup account: the default username and password set during the installation of the operating system.

It is a standalone account, without any specific policy or security level. Access cannot be managed, because all users log in with the single local credential when accessing the server. With local accounts, each server needs to have its own credentials. Security becomes difficult and there is no central management of access.

Domain Account

A Domain is to simply put a unified collection of servers, workstations and user accounts managed by server machines as "Domain Controller" (DC).A DC is a server running Server operating system such as Windows Server 2008 R2 Standard, having the Active Directory Domain Services turned on.

Like Local User Accounts, Domain User accounts also have usernames and password. Difference between Local and Domain account, is that local user account are authenticated by local SAM file of local computer whereas domain users accounts are authenticated by domain controllers.

It will be best to adopt a domain level environment for the PG infrastructure. User accounts and their level of access will be managed centrally by the domain controller, more precisely via the Active Directory.

It will provide fully integrated security in the form of user logon authentication. Administration of servers and users becomes easier through group policies and permissions. Identifying resources on the network becomes easier, e.g. if a user from the Ecommerce settlement team wants to print from a shared printer, access can easily be provided. It also supports multiple authentication protocols.

Securing Payment Gateway Website Link using SSL

Security on the internet is the most important factor for Ecommerce and E-Business. Ecommerce transactions are exposed to various types of threats. Some popular threats are customer information theft, website defacement, credit card fraud, etc. Transactions need to be secure between client and server. For this reason the normal browsing port 80 "HTTP" cannot be used to transact on an ecommerce website.

To safeguard data, it needs to be encrypted while transacting over the internet. To do so, Secure Socket Layer (SSL) is the recommended solution. SSL is a key standard for e-commerce transaction security. It is all about encryption. It is the technology used to encrypt and decrypt messages between browser and server. It uses port 443 "HTTPS" for secure navigation. It gives individuals browsing a website more confidence that their purchase will be secure, leading to higher sales and a good business reputation.

SSL will be integrated in IIS web Server, where the Payment Gateway Website will be accessible via https link.

How the SSL works with the E-commerce website?

The user's browser encrypts the data and sends it to the receiving E-commerce site using either 128-bit or 256-bit encryption, but the browser alone cannot secure the whole transaction; for this reason an SSL certificate is required.

An SSL certificate is installed on the PG Web server, where it encrypts the data and identifies the site. It helps to prove to whom the site belongs, and contains information about the certificate holder, the domain that the certificate was issued to, the name of the certificate authority that issued the certificate, the root (origin of the certificate), and the country it was issued in.

By encrypting the data, transactions are protected from being read while they are transferred across the Internet. SSL encrypts the message from the browser, and then sends it to the PG Web Server. When the transaction is received by the server, SSL decrypts it and verifies that it came from the correct sender (a process known as authentication). The transaction is then submitted for processing. If a hacker is able to intercept data packets from the information being exchanged, the hacker would require tools that could decrypt the transaction files. In such cases the information will be useless to the hacker.

IDS

The E-Commerce website is exposed on the internet, so the risk of brute force and other forms of attack is higher. To protect against such risks, an Intrusion Detection System can be used.

Intrusion Detection Systems (IDS) are a very important, evolving technology for protecting critical online systems, such as the E-commerce Payment Gateway. The aim of an IDS is to accurately detect anomalous network behavior or misuse of network resources, sort out true attacks from false alarms and notify administrators of suspicious activity occurring on the Ecommerce Website Login Interface. An IDS is essential because it provides near real-time intrusion detection that can limit compromise and damage to the network system.

There are basically two types of IDS in use: Network Based (a packet monitor) and Host Based (looking, for instance, at system logs for evidence of malicious or suspicious application activity in real time).

For the E-commerce system, a Host Based IDS will be required. The Threat Sentry software-based IDS will best suit the infrastructure environment, because only one type of connection needs to be filtered, which is the E-commerce website link on port 443 (HTTPS). If various traffic routes had to be monitored, a Network Based IDS module placed near the firewall would have been the best solution. However, implementing a Network Based Firewall requires a huge investment and specialized staff for administration.

Threat sentry IDS will look at the Ecommerce Web Server system logs for evidence of malicious or suspicious transaction activity in real time. It will also monitor the key system files for evidence of tampering.
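The kind of log check a host-based IDS runs on the web server, as an added example (not Threat Sentry's own logic and not part of the original essay): it counts failed logins per client IP in a sliding window over constructed IIS W3C log lines. The login path, the 401 failure status, the threshold and the window length are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/pg/login.aspx"  # hypothetical login URL (assumption)
FAIL_STATUS = {"401"}          # assumed status returned for a failed logon

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem s-port c-ip sc-status
2017-11-02 10:00:01 POST /pg/login.aspx 443 203.0.113.7 401
2017-11-02 10:00:03 POST /pg/login.aspx 443 203.0.113.7 401
2017-11-02 10:00:05 POST /pg/login.aspx 443 203.0.113.7 401
2017-11-02 10:00:07 POST /pg/login.aspx 443 203.0.113.7 401
2017-11-02 10:00:09 POST /pg/login.aspx 443 203.0.113.7 401
2017-11-02 10:01:00 POST /pg/login.aspx 443 198.51.100.20 401
2017-11-02 10:01:20 POST /pg/login.aspx 443 198.51.100.20 401
2017-11-02 10:01:40 POST /pg/login.aspx 443 198.51.100.20 302
2017-11-02 10:02:00 POST /pg/login.aspx 443 192.0.2.44 401
2017-11-02 10:04:00 POST /pg/login.aspx 443 192.0.2.44 401
2017-11-02 10:06:00 POST /pg/login.aspx 443 192.0.2.44 401
2017-11-02 10:08:00 POST /pg/login.aspx 443 192.0.2.44 401
2017-11-02 10:10:00 POST /pg/login.aspx 443 192.0.2.44 401
"""

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))

def detect_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Return {client_ip: time of first alert} for bursts of failed logins."""
    recent = defaultdict(deque)  # per-IP timestamps of recent failures
    alerts = {}
    for rec in parse_w3c(text):
        if rec["cs-method"] != "POST" or rec["cs-uri-stem"].lower() != LOGIN_PATH:
            continue
        if rec["sc-status"] not in FAIL_STATUS:
            continue
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        q = recent[rec["c-ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(rec["c-ip"], ts)
    return alerts
```

With the default settings only the rapid burst from 203.0.113.7 is flagged; the client that fails five times over eight minutes stays under the window, which is the trade-off to tune against false alarms.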

IPS

An Intrusion Prevention System (IPS) is the next level of security technology, with the capability of providing security at infrastructure and network level. It provides rules and policies for network traffic, along with the IDS for alerting system or network administrators to suspicious traffic. It also takes action upon being alerted. When the IDS informs about a potential risk, the IPS attempts to stop it. An IPS is efficient at preventing known intrusion signatures but also at avoiding unknown attacks, thanks to its database of generic attack behaviors.

In addition to using signatures, an IPS uses a set of rules to represent either permissible or harmful behavior. Real-time traffic is then compared to the set of rules and either permitted or blocked. An IPS detects intrusion based on stateful analysis of the traffic passing through it. An IPS device must use stateful packet inspection to provide advanced protection against new types of attacks as well as to defend against the growing frequency and scale of DOS attacks.

There are two types of IPS: Host-based intrusion prevention system (HIPS) and Network-based intrusion prevention system (NIPS). For the E-commerce Payment Gateway, HIPS would be more appropriate. MCA HIPS 8.0 would be used to enhance security on the E-commerce infrastructure. It will protect both servers and workstations through software that runs between the application and the OS kernel. By factory default it is configured to determine the protection rules based on intrusion and attack signatures.

Database Hardening

All processed transactions are stored in the SQL Server 2008 database. Critical information such as customer name, credit card number, account number, transaction amount, acquiring bank details, etc. is stored in the DB. Implementing a database and placing it in a secure VLAN is not enough as a security measure. The key part of the e-commerce system is the database information; it holds vital and sensitive information for customers and acquiring banks.

Information in the database cannot be stored as plain text: unscrupulous users can easily steal the data, either through online SQL queries or by scanning files on the database server's hard drive.

The database server must ensure data integrity and privacy. The ecommerce Database server needs to have the following characteristics to assure data security at the highest level:

Data Encryption

Encryption can provide strong security for data stored in the database tables. The DB system should include encryption functionality, allowing data to be secured as it is inserted into or retrieved from the database. The encryption key for each transaction session is generated randomly. Data is accessible only to authorized users who have the key to decrypt it.

The purpose of database encryption is to ensure database opacity by keeping the information hidden from any unauthorized persons (e.g., intruders). Even if attackers get through the firewall and bypass access control policies, they still need the encryption keys to decrypt the data.

Digital Signature

Transaction data is encrypted with the sender's private key. The digital signature is submitted to the server together with the original data. Digital signatures depend on certain types of encryption to guarantee authentication. Data transmitted from one computer to another across the internet is encoded into a form that only the receiving computer can decode; this is the process of encryption. Authentication is the process of cross-checking whether information is coming from a trusted source.

Watermarking

A watermarking feature can provide copyright protection for the database using relational database watermarking. On the server side, the original relational tables are extracted from the database to apply the watermark. The data is partitioned and watermark bits are embedded in the least significant bits (LSB) using a single-bit encoding algorithm. Before the watermarked data is sent to the client-side system, an encryption algorithm is applied to it for security. If an attacker copies the watermarked relational data from the database, the attacker can never read the content.
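The partitioning and single-bit LSB encoding described above, as an added example that is not part of the original essay: the HMAC-based partitioning, the majority-vote detection, the key and the table contents are assumptions chosen for illustration, and the marked column is assumed to be an integer attribute that tolerates a change of ±1.

```python
import hashlib
import hmac

def partition(key: bytes, primary_key: str, n_parts: int) -> int:
    """A keyed hash of the primary key selects the partition (and watermark bit)."""
    digest = hmac.new(key, primary_key.encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % n_parts

def embed(rows, key, mark):
    """Return a copy of rows with one watermark bit written into each value's LSB."""
    marked = []
    for pk, value in rows:
        bit = mark[partition(key, pk, len(mark))]
        marked.append((pk, (value & ~1) | bit))  # single-bit encoding in the LSB
    return marked

def detect(rows, key, n_bits):
    """Recover the watermark by majority vote over the LSBs in each partition."""
    votes = [[0, 0] for _ in range(n_bits)]
    for pk, value in rows:
        votes[partition(key, pk, n_bits)][value & 1] += 1
    # None marks a partition where the vote is tied or no rows survived.
    return [None if zeros == ones else int(ones > zeros) for zeros, ones in votes]

# Constructed table: (hypothetical merchant id, integer attribute).
ROWS = [(f"M{i:04d}", 1000 + 7 * i) for i in range(400)]
KEY = b"owner-secret-key (constructed)"
MARK = [1, 0, 1, 1, 0, 0, 1, 0]
MARKED = embed(ROWS, KEY, MARK)

if __name__ == "__main__":
    print(detect(MARKED, KEY, len(MARK)))        # full copy of the table
    print(detect(MARKED[::2], KEY, len(MARK)))   # copy with half the rows removed
```

Because the partition depends only on the secret key and the primary key, the owner can still recover the mark from a partial copy of the table, while each value is changed by at most one unit.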

Steganography

Steganography can be used to hide the encrypted watermarked relational database in an image. By combining all the above security measures, it becomes difficult for an attacker to steal or modify any data in the e-commerce database. On the client side, the data is first retrieved from the image as the encrypted watermarked database, which then goes through the decryption process to yield the original watermarked relational data.

Disaster Recovery

Providing the best technology and security features is not enough to ensure continuous running of the E-commerce Payment Gateway platform. System and data availability should be guaranteed. For this reason a proper disaster recovery solution should be in place.

The disaster recovery solution will ensure business continuity in the event of natural disasters or technical disasters such as a server crash, hardware failure or system failure.

The key elements of the E-commerce Payment Gateway are mainly the processing data stored in the database and the PG tailor-made system infrastructure.

To assure the availability of data in case of disaster, a backup system must be in place. It is important to back up all critical information and have a plan for recovery in the event of failure.

Critical information is stored in the database server after processing. Therefore it is required to implement a backup solution where a copy of the latest DB data is available.

Database information is usually of high capacity; for this reason the appropriate hardware device would be a tape system of 1 terabyte capacity.

Why Tape System?

Although a tape system requires higher investment than disk or other types of backup device, it ensures quick backup and restoration because it uses an eSATA connector. It ensures higher security because, in case of tape theft or loss, the data cannot easily be restored without a specific tape drive, which is not easily available. Tape also offers encryption of data during backup, so that only the administrator can restore the data using the encryption key.

Backup Strategies

For daily database backup, the incremental method should be used. An incremental backup stores all data that has changed since the last backup. One full backup needs to be done first; subsequent backup runs then store the changes made since the last backup. The advantage of this backup method is that it takes the least time to complete and needs less storage space compared to other backup types.

The daily backup is useful for immediate restoration of data, but in case of a database crash leading to a blank DB, restoring the database from incremental backups would be very time consuming. A full backup method should therefore also be in place, which will keep a copy of the entire database. This backup method is time consuming, but in case of DB failure the full DB can easily be retrieved from a single tape and in a shorter time frame.

Windows Backup free feature would be used to perform the Daily and incremental Tape Backup. The screenshot below provides an overview of the windows Backup interface:

The above methods refer to data backup. System infrastructure backup is also a key factor of disaster recovery. E.g. if servers are completely destroyed in disaster, restoring. Therefore it would be appropriate to have a system backup. Technologies now exist which provide a Bare Metal backup option, which can restore a full system as it was previously, in a shorter time interval, even when the servers are of a different or completely new model. Previously this was not the case: engineers had to install the operating system, reconfigure applications and then restore data, which is complex and time consuming.

To implement a bare metal backup system, a data storage device and solution is required. An external SATA hard disk using USB 3.0 (for fast transfer of data) with hardware encryption and a shock feature would be required to store the full system image of the servers. The solution for Bare Metal backup would be Symantec System Recovery v10.0 (BESR). This software provides the features for performing a bare metal backup. It creates an entire backup of the server in image format. Normal full system imaging of a server requires huge space capacity; this software can compress the image to a smaller size and transfer it to the external hard disk in an encrypted format.

When full system restoration is required, the image of the server can be recovered on either the same server or any different model of server with similar hardware capacity. The server is booted in CD mode using the Symantec BESR recovery disk, the external hard disk is connected and the image is selected for restoration. The restoration process is shorter by comparison, and the server is back to its initial state after successful restoration.

Backups on tapes and external hard drives should be kept offsite, in a different geographic location from the source location. The key reason for applying this concept is to ensure system and data availability in case the source location is completely out of use in the event of disaster. It is recommended that the e-commerce critical and sensitive backups be stored in a bank safe. This is the practical approach applied by most companies handling sensitive information; banks provide the facility of renting safe space to safeguard backups, and only authorized people are allowed to access the data.

Conclusion

The E-commerce Payment Gateway Processor requires a strong and robust infrastructure for successful operation of the system. Therefore it is important to consider the defined sections, aspects and technologies, to ensure the system is working as intended. Obviously implementing a Payment Gateway requires huge capital investment, but we also need to realize that online financial transactions are very critical and risk of breach of security is higher compared to manual financial transactions system.

For better assurance, the Payment Gateway security features should be tested on a regular basis to ensure the security level is strong enough to confront external threats. For example, regular external penetration testing should be done to ensure the network is secured from outside.

While implementing the E-Commerce Payment Gateway, the Payment Card Industry Data Security Standard (PCI DSS) was considered. It is a compliance standard for protecting cardholder data. It is managed by the PCI Security Standards Council. The standard enforces an array of technologies and practices to protect cardholder data.


