Security is a major issue in e-commerce. It is not something you get right the first time; you have to work at it constantly to keep hackers out of your database.
Security can be tackled at different levels. This article covers some ways to enhance security in a Windows NT / IIS environment.
To provide specific resources to specific users and to secure some resources against unauthorised disclosure, a network operating system has to know the identity of each attached user. That identity is established by logon authentication: only individuals who know the password can use the account.
A case with Logons
Web sites can be created to exploit IIS and IE's automatic credential provision. A program masquerading as an IIS server can request credentials from your Internet Explorer web browser, which the browser will provide automatically. This impostor web site can then replay those credentials against the WinLogon service on your machine to gain access to your computer as you.
User Accounts
Local Users and Global Users.
Windows NT has two types of users: local and global. Local users are users who are allowed to log on to the computer itself. Global users are users who are allowed to log on to the network domain. You create local users with the User Manager included with Windows NT Workstation and with the User Manager for Domains included with Windows NT Server.
You create global users only with the User Manager for Domains included with Windows NT Server on servers designated as primary domain controllers, backup domain controllers, or member servers. Global user accounts are created on the primary domain controller. The primary domain controller replicates its accounts database to all Windows NT Servers designated as backup domain controllers in the domain. A backup domain controller will respond to a logon attempt if the primary domain controller fails to log on the client within a short period of time, which indicates that the primary domain controller is busy or temporarily unreachable.
Special Built-in Accounts
Windows NT creates two user accounts by default: the Administrator account and the Guest account.
Do not use the Guest account for anonymous Internet users; use the IUSR_computername account provided for that purpose instead.
As with any LAN, there are three types of functions associated with user accounts, which are very elementary and can be considered basic. Nevertheless, I would like to mention them in the courseware for IIS 4.0.
Anonymous Internet Access
Internet servers have traditionally allowed anonymous access: the World Wide Web is based on the ability to access information quickly without providing logon credentials. To satisfy the Windows NT requirement that all users log on, but still allow anonymous access to information, IIS creates and uses a logon account in the absence of better credentials: the Anonymous user account.
IIS creates this user account when you install it. By default its name is IUSR_computername, where computername is the name of your Windows NT server. You can specify any other user account if you wish.
By assigning permissions to this user account, you can restrict or permit access to Internet information in the service root directories of your server.
Access Token
Your access token is created when you log on. It contains your user identity and the identity of all the groups you belong to. The system compares this access token to each secured resource (such as share, file or directory) you attempt to access. These resources contain access control lists, which list each security ID from the User Accounts and Groups permitted to use the resource. If any of the identifiers in your access token match identifiers in a resource's access control list, you are allowed access as specified by that entry.
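The two ideas above (the anonymous IUSR account with permissions assigned to it, and the comparison of a logon access token against a resource's access control list) can be shown together in a small simulation. This is an added example, not code from the original article or from Windows NT: the SIDs marked EXAMPLE, the group names, the directories and their ACLs are all constructed for illustration, and the rights are a three-bit subset of NT's real file rights. The check itself follows NT's rule of walking the ACL in order, honouring a matching deny entry before accumulating allows, and granting nothing when no entry matches.

```python
from dataclasses import dataclass

# Access rights as bit flags (a constructed subset of NT's file rights).
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4
ALL = READ | WRITE | EXECUTE

# Well-known SIDs that really exist on NT; every S-1-5-21-EXAMPLE-* value is a placeholder.
EVERYONE = "S-1-1-0"
ADMINISTRATORS = "S-1-5-32-544"
IUSR_SID = "S-1-5-21-EXAMPLE-1002"        # stands in for IUSR_computername
WEB_READERS = "S-1-5-21-EXAMPLE-2001"     # constructed local group for web content


@dataclass(frozen=True)
class ACE:
    """One access control entry: allow or deny `rights` to the principal `sid`."""
    sid: str
    rights: int
    allow: bool = True


@dataclass(frozen=True)
class AccessToken:
    """Built at logon: the user's own SID plus the SID of every group it belongs to."""
    user_sid: str
    group_sids: frozenset = frozenset()

    def sids(self):
        return {self.user_sid} | set(self.group_sids)


def access_check(token, acl, requested):
    """NT-style check of `requested` rights against an ACL.

    ACEs are walked in list order and only those naming a SID present in the
    token count. A deny ACE covering any requested right refuses the whole
    request; allow ACEs accumulate rights until every requested right is
    granted. An ACL with no matching entry grants nothing, so denial is the
    default."""
    if requested == 0:
        return False
    token_sids = token.sids()
    granted = 0
    for ace in acl:
        if ace.sid not in token_sids:
            continue
        if not ace.allow:
            if ace.rights & requested:
                return False
            continue
        granted |= ace.rights & requested
        if granted == requested:
            return True
    return False


# Constructed principals: the anonymous web account and an administrator.
IUSR = AccessToken(IUSR_SID, frozenset({EVERYONE, WEB_READERS}))
ADMIN = AccessToken("S-1-5-21-EXAMPLE-500", frozenset({EVERYONE, ADMINISTRATORS}))

# Web root: anonymous readers get read/execute, administrators get everything.
WWWROOT_ACL = [ACE(WEB_READERS, READ | EXECUTE), ACE(ADMINISTRATORS, ALL)]
# Admin-only scripts directory: an explicit deny for the anonymous account comes
# first (NT's canonical order puts denies ahead of allows), then the admin grant.
ADMIN_ACL = [ACE(IUSR_SID, ALL, allow=False), ACE(ADMINISTRATORS, ALL)]

RIGHT_NAMES = (("read", READ), ("write", WRITE), ("execute", EXECUTE))


def anonymous_access_summary():
    """Which rights the anonymous account ends up with on each directory."""
    return {
        "wwwroot": [name for name, r in RIGHT_NAMES if access_check(IUSR, WWWROOT_ACL, r)],
        "admin": [name for name, r in RIGHT_NAMES if access_check(IUSR, ADMIN_ACL, r)],
    }


if __name__ == "__main__":
    for directory, rights in anonymous_access_summary().items():
        print("%-8s IUSR may: %s" % (directory, ", ".join(rights) or "nothing"))
```

The point of the deny entry on the admin directory is that membership in a permissive group elsewhere (here, the constructed web-readers group) cannot leak into it: the deny is evaluated before any allow that might otherwise match one of the token's group SIDs.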
Firewalls are more complicated than packet filters because firewalls examine the data portions of packets, as well as the headers, in an attempt to control the data transferred in the packets as well as the sources and destinations of the packets. The firewall can only control the data portion for protocols that the firewall understands, so the additional security provided by a firewall only applies to the most commonly used Internet services. For new, experimental, or proprietary protocols, a firewall is no more useful than a packet filter.
A firewall can detect, for example, that a connection coming into your network from an allowed external mail server does not conform to the syntax used by the SMTP service. A properly configured firewall will then disallow access from the (presumably) compromised external computer and alert the administrator to an unauthorized access attempt on the network. Similarly, a firewall would detect non-NFS data coming through an NFS-allowed port, or non-HTTP data coming through an allowed HTTP port.
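The protocol-conformance check the two paragraphs above describe, as an added example that is not from the original article: a simplified application-layer inspector that walks the client half of an SMTP session and flags anything that is not SMTP, the way a firewall would on a port it has allowed for mail. The sample sessions, the accepted command set and the use of RFC 821's 512-byte line limit are assumptions of the example; a real firewall would also track the server's three-digit replies and the state they imply.

```python
import re

# Client-side SMTP verbs the inspector accepts (RFC 821 set plus EHLO).
SMTP_COMMANDS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "VRFY",
                 "EXPN", "HELP", "NOOP", "QUIT"}
# A command line is a four-letter verb, optionally followed by a space and arguments.
COMMAND_RE = re.compile(r"^([A-Za-z]{4})( .*)?$")
MAX_LINE = 512  # RFC 821 command-line limit (including CRLF)


def _is_text(line):
    """True if the line holds only printable 7-bit ASCII (plus TAB)."""
    return all(ch == "\t" or 0x20 <= ord(ch) < 0x7F for ch in line)


def inspect_smtp_client(lines):
    """Return [(line_number, reason), ...] for every client line that does not
    conform to SMTP. `lines` is the client half of one session, CRLF stripped."""
    violations = []
    in_data = False
    for n, line in enumerate(lines, 1):
        if len(line) > MAX_LINE:
            violations.append((n, "line longer than the SMTP limit"))
            continue
        if in_data:
            # Inside DATA everything up to the lone "." is message text, so
            # only the character set is checked here.
            if line == ".":
                in_data = False
            elif not _is_text(line):
                violations.append((n, "non-text bytes inside message body"))
            continue
        m = COMMAND_RE.match(line)
        if m is None or m.group(1).upper() not in SMTP_COMMANDS:
            violations.append((n, "not an SMTP command: %r" % line[:40]))
            continue
        if not _is_text(line):
            violations.append((n, "control or 8-bit bytes in command line"))
            continue
        if m.group(1).upper() == "DATA":
            in_data = True
    return violations


def verdict(lines):
    """What the firewall does with the connection: block on any violation."""
    return "block" if inspect_smtp_client(lines) else "allow"


# Constructed sample sessions (client lines only, CRLF already stripped).
GOOD_SESSION = [
    "EHLO mail.example.net",
    "MAIL FROM:<alice@example.net>",
    "RCPT TO:<bob@example.com>",
    "DATA",
    "Subject: hello",
    "",
    "Hi Bob.",
    ".",
    "QUIT",
]
# HTTP arriving on the port the firewall opened for SMTP: none of it parses as SMTP.
HTTP_ON_SMTP_PORT = ["GET / HTTP/1.0", "Host: mail.example.com", ""]
# A well-formed envelope carrying binary garbage in the message body.
BINARY_IN_BODY = GOOD_SESSION[:4] + ["\x00\x01\x02\xff", ".", "QUIT"]


if __name__ == "__main__":
    for name, session in (("good", GOOD_SESSION), ("http", HTTP_ON_SMTP_PORT),
                          ("binary", BINARY_IN_BODY)):
        print(name, verdict(session), inspect_smtp_client(session))
```

Because the inspector only knows SMTP's grammar, it says nothing about a connection on a port used by a protocol it has no parser for; that is exactly the limit the text describes, where the firewall degrades to a plain packet filter.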
Firewalls are usually used in conjunction with packet filters and with proxy servers, which provide even more service-level functionality.
A proxy server for a service accesses Internet services on behalf of client computers on your network. Proxy access has two benefits: it hides the identity of the computers on your network, which gives attackers on the Internet less information about your network, and it can cache commonly accessed resources so that many client requests are satisfied much faster than they could be without the proxy.
A proxy server also makes firewall and packet filter configuration easier because all external connections to the services mediated by the proxy will go to the proxy server computer. Any other external connections can be explicitly denied.
For organizations that simply cannot accept the risk of local network intrusion from the Internet but still want access to the Internet, there is only one solution: create two networks, one for secure local storage and the other for Internet clients and services. This solution is sometimes called the "sacrificial goat" form of network security because computers on the vulnerable network may be compromised without risking data on the secure network. The military uses this concept to run a classified "Internet" parallel to the unclassified Internet.
In fact, the computers on the sacrificial network may intentionally be left with substandard security and then closely monitored to serve as bait to determine (when the computers show evidence of being hacked) that the organization is under attack.
The problem with this sort of Internet connection is that to be truly effective no computer can be on both networks at the same time. Network users must physically move to a station that is connected to the Internet in order to access it, and information retrieved from the Internet must be physically moved from the Internet stations to the stations on the LAN.
You should not use your file and print server as an Internet server; instead, you should place a dedicated machine in a different protection domain to host WWW and FTP services. One good way to establish a separate protection domain is to have two firewalls: one between your Web server and the Internet and another between your network and the Web server. This limits the extent to which security is compromised if the Internet server is broken into. The drawback of having two firewalls is that they increase latency and cost.
Network intruders hope to compromise the network file server because that’s where you store the important data on your network, where network passwords are found, where a pirate may store stolen software, and where the security for your network is controlled. You can make it much harder to get at your file and application servers (but not impossible; hackers are notoriously clever) by not allowing those servers to connect to the Internet.
In order for the client computers on your network to access the Internet they must have the TCP/IP transport installed. Your router must route TCP/IP, and your packet filter and firewall must pass TCP/IP packets. Your network clients and file server don’t have to use TCP/IP for file and print services, though, and it is a good idea to use either the NetBEUI or NWLink network protocol instead of TCP/IP for that purpose.
If your file server does not have TCP/IP installed, an external attacker cannot use weaknesses in TCP/IP to get at your server. Nor can the attacker use a compromised client computer to tunnel TCP/IP into and out of your network to attack the server if your firewall merely blocks access to your server’s IP address. Instead the attacker must be able to remotely control the client computer so that it performs the file access itself, or must install software on the compromised client that performs a protocol conversion, which is not an easy thing to do.
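The filtering arrangement described in the proxy section (every external connection goes through the proxy and everything else is explicitly denied) and the two-firewall layout of the last few paragraphs (Web server in a screened segment, file server behind the inner firewall and not reachable from the Internet) can be expressed as rule tables and evaluated against sample packets. This is an added example, not configuration from the original article or from any product: the addresses (documentation ranges), zone names, rule sets and the proxy's listening port are constructed; matching is stateless first-match with a default deny, and reply traffic is not modelled.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan: the Web server and proxy sit in a screened segment
# ("dmz") between two firewalls; clients and the file server are on "lan".
ZONES = {
    "dmz": [ipaddress.ip_network("192.0.2.0/24")],
    "lan": [ipaddress.ip_network("10.0.0.0/8")],
}
WEB_SERVER = "192.0.2.10"
PROXY = "192.0.2.20"
FILE_SERVER = "10.0.0.5"
PROXY_PORT = 8080   # assumed listening port of the proxy


def zone_of(ip):
    """Name the zone an address belongs to; anything unknown is the Internet."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "internet"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp", "netbeui", ...
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str         # "allow" or "deny"
    src: str            # zone name, a host address, or "any"
    dst: str
    proto: str = "any"
    dport: int = 0      # 0 matches any port

    def matches(self, pkt):
        def side(spec, ip):
            return spec in ("any", ip, zone_of(ip))
        return (side(self.src, pkt.src) and side(self.dst, pkt.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (0, pkt.dport))


def evaluate(rules, pkt):
    """First matching rule wins; a packet that matches no rule is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Outer firewall, between the Internet and the screened segment.
OUTER = [
    Rule("allow", "internet", WEB_SERVER, "tcp", 80),   # WWW
    Rule("allow", "internet", WEB_SERVER, "tcp", 21),   # FTP
    Rule("allow", PROXY, "internet", "tcp"),            # proxy fetches on behalf of the LAN
]
# Inner firewall, between the screened segment and the LAN: the only thing that
# crosses it is a LAN client talking to the proxy. Nothing from the Web server
# or the Internet can reach the file server.
INNER = [
    Rule("allow", "lan", PROXY, "tcp", PROXY_PORT),
]


def transit(pkt):
    """Pass the packet through every firewall between its source and destination
    zones; all of them must allow it. Same-zone traffic crosses no firewall."""
    order = ["internet", "dmz", "lan"]
    a, b = sorted((order.index(zone_of(pkt.src)), order.index(zone_of(pkt.dst))))
    for firewall in [OUTER, INNER][a:b]:   # 0->1 crosses OUTER, 1->2 crosses INNER
        if evaluate(firewall, pkt) != "allow":
            return "deny"
    return "allow"


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.7", WEB_SERVER, "tcp", 80),    # public web access
        Packet("203.0.113.7", FILE_SERVER, "tcp", 139),  # Internet host probing the file server
        Packet("10.0.0.7", PROXY, "tcp", PROXY_PORT),    # LAN client using the proxy
        Packet("10.0.0.7", "203.0.113.7", "tcp", 80),    # LAN client bypassing the proxy
        Packet(WEB_SERVER, FILE_SERVER, "tcp", 139),     # compromised Web server reaching inward
        Packet("10.0.0.7", FILE_SERVER, "netbeui"),      # file/print stays inside the LAN
    ]
    for pkt in samples:
        print(transit(pkt), pkt)
```

The NetBEUI packet is allowed only because it never crosses a firewall; since NetBEUI is not routable, it also cannot be carried across one, which is the property the text relies on when it suggests a non-TCP/IP protocol for file and print services.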
In the next article, we will cover IIS security aspects in detail. Until then you can reach me at sandeep@fandsindia.com