Security management is important both for refining existing arrangements and for developing new strategies as risks and processing services evolve. Developing an IT security process provides knowledge of existing threats. There is always a need to maintain customers' trust in order to run an effective computing service. An effective security policy development process is built on the assessment of threats. (Anand, V. & Saniie, J., 2012). The various security efforts in global e-commerce business use different techniques and systems for different purposes, and each technique is appropriate for particular circumstances. We characterize the probability of a misrepresentation as a threat.
Security touches various areas of an e-commerce business, such as networking, data storage, scanning methodologies and the investigation of threats. The current policies are unable to fulfill all the requirements of users. Implementing a security policy is both a challenge and the primary issue for web-based business. Network security can be considered as the set of steps taken to prevent any type of data loss. Securing the whole network requires the coordination of a wide assortment of security measures, from creating user accounts to hiring better staff and keeping the server secured in a locked room. I have been appointed as the consultant for designing network and IT security to enhance the global site. My responsibility is to design a security document for the e-commerce website as well as the merged organization by considering all facts and figures. (Kaur, K. & Dr. Pathak, A., 2015).
E-commerce websites are more exposed to threats and risks because all customer information, such as personal and banking details, is saved online. These online sites are the main targets of hackers, who can use them to steal clients' important and confidential information.
The main purpose of this IT security report is to design a security policy for the e-commerce website, to determine the network auditing process and to determine which IDS (Intrusion Detection System) is better suited to the e-commerce website. This report will improve the ability to secure web information. The main purpose behind this report is to make the e-commerce business secure from hackers, SQL injection and any other type of vulnerability.
Merging two organizations means merging two different cultures, with a corresponding impact on each. Integration requires one undertaking to adopt the other organization's culture. Separation requires the culture of the second organization to be preserved. Absorption integration between the two organizations is recommended when the management and organizational methods of the merged organization are not intended to be kept. This merger policy is intended to reorganize the assets of the acquirer and of the acquired enterprise within a new whole in order to obtain scale and economies, improve administrative practices and reinforce the competitive environment. This merger strategy is justified by a logic related to the organizations' activities or their complementarity, which is expected to realize synergies. Thus the presence of methodological links, supported by the absence of specificity, leads to the integration of organizations through an absorption integration process. (Vancea, M., 2011).
A lack of synchronization between the IT frameworks of the two organizations can cause problems in regular business processes such as hiring staff, sales and customer records. These problems will slow down all daily processes. If the two organizations' IT processes are not integrated, various errors or network threats become possible. This diverts both organizations from concentrating on their core business capabilities. As the acquired and the acquiring organization both come in with independent financial systems, suppliers and partners, it is crucial to ensure that a standard is set up. (MuleSoft Inc., 2017).
Integrating the IT departments of both organizations requires technology leaders to balance their resources across three main priorities. Firstly, IT divisions are entrusted with “keeping the lights on,” or guaranteeing the same operations during the integration process. Secondly, they should consolidate the IT branches of the merging organizations, with the aim of reducing costs or realizing other synergies. Finally, they should provide IT support for integrating all departments while building up the IT infrastructure for the long-term business goals of the organization in its new form. (Dawson, D. & Waller, S., 2010).
From a technical security perspective there is a wide variety of issues that need to be covered. The various access controls need to be understood, along with the kind of data communications that are implemented; whether external entities are connected to the organization's systems and how this is provisioned; and any remote access and its management. The network manager must also understand the implementation of resources such as firewalls, encryption and anti-virus installations. The more the two organizations have worked on all these requirements, their setup and the rules for using them, the easier it will be to see where there are gaps that should be addressed as the organizations combine. (Hartman, A., 2002).
The objective of an intrusion detection system (IDS) is to monitor network resources in order to identify any type of abnormal behavior and misuse across the entire network. The IDS mainly monitors network traffic for activity that falls within the set of restricted activity on the system. The main function of an IDS is to alert the network administrator so that they can take corrective action: block unauthorized access to vulnerable ports, deny access to a particular IP address or shut down the services used for the attack. (Ashoor, A., S. & Prof. Gore, S., 2011).
The network architecture of an e-commerce business is constantly exposed to attack, particularly when it manages a network over which data flows regularly and which exposes vulnerabilities that let an attacker enter and carry out illegal activities that produce anomalies in the system. An IDS is therefore implemented to inspect the network and detect intrusions. It can detect malicious activity in network traffic from the Internet, and it can likewise be used to recognize exploits that attempt to attack PCs in a LAN. The IDS inspects the content as well as the data from the IP header and compares this data with the signatures of known attacks. If the details match an attack, the IDS issues a warning so that action can be planned accordingly. (Ourida, 2012).
An intrusion prevention system (IPS) can be defined as the process through which intrusions or network risks are detected and responsive actions on those detected intrusions and risks are managed throughout the system. The main function of an IPS is to monitor network traffic for malicious activity; traffic that matches particular profiles triggers the generation of alarms, and the IPS can drop or block that traffic in real time as it passes through the network. (Chakraborty, N., 2013).
3.2.1 Network based IDS – The main function of a NIDS (Network based IDS) is to monitor a specific network and examine the network and application protocols to identify any type of suspicious activity. This IDS is deployed at a boundary between networks, for example at switches, firewalls and virtual private networks. However, it is less commonly used because it is a single point of failure. It is also unable to detect any type of DoS attack. It monitors the entire network and is deployed at the network boundary. However, it isn’t appropriate for securing every host inside the network.
3.2.2 Host Based IDS – In Host-based IDS (HIDS) technology, software is installed on each of the hosts of the network in order to monitor any malicious activity. Its main function is to monitor network traffic and other activity on the host, such as security policy and audit logs. Log analysis, policy analysis and integrity checking are also performed by a HIDS. These IDS are also deployed on critical hosts, such as any publicly accessible server or any server holding confidential information. It will therefore be better to implement a host based IDS to monitor the integration of both corporate networks. (Chakraborty, N., 2013).
Web-based vulnerabilities account for the largest share of the vulnerabilities recorded in the Common Vulnerabilities and Exposures (CVE) database. The main web-based vulnerabilities are as follows:
3.3.1 SQL Injection – This attack happens when inputs to a web application attack the back-end layers of the web server. Web applications generate pages that are shown in the web browser, and these let the client and the host machine communicate with each other. Web applications generally allow their clients to supply data, which also determines the control flow and the output of the application.
3.3.2 Cross-site Scripting (XSS): These vulnerabilities arise from an application's failure to properly validate user input before it is returned to the client for processing. Through this, attackers force a client, such as the user's application, to execute malicious code, such as JavaScript, inside the system. As a result, the attacker’s code is given access to security information that was issued by a trusted site. (Swarup, S. & Dr. Kapoor, R., K., 2014).
Web Application Vulnerability Scanners (WAVS), or web application security scanners, are black-box testing tools. Their main purpose is to monitor an e-commerce site for security vulnerabilities. They crawl through a web application’s pages and scan the application for vulnerabilities by simulating attacks on it. These scanners inject malicious inputs and then analyze the application’s response. Various tools are available commercially. Developers use them to verify the security of their products and to safeguard the integrity, confidentiality and availability of the applications they build for their customers. (Kagorora, F. & Li, J., 2015).
WAVS by HTTP Method – An HTTP web application scanner can check an e-commerce site, verify that each file is accessible from the web and simulate hacker activity in order to identify vulnerable components. Such a vulnerability scanner can also be used to evaluate the code that makes up a web application, enabling it to recognize potential vulnerabilities which are not visible from the web but still exist in the web application and can still be abused. This process scans the application from the client system for shells in any injected areas, using their standard names. It is the distinctive component of the framework and runs on the client machine. XSS is mainly found in web applications; it enables attackers to inject client-side script into web pages viewed by other users. This is the best method for detecting any vulnerability in the network. (Patil & Prof. Gosavi, 2015).
JAVA Tool – The tool is developed in Java and can run in any environment. The central function of the tool is:
A firewall can be defined as a hardware or software system designed to allow or deny the transmission of network traffic based on a set of security rules and instructions, enforcing control between two networks in order to secure the internal or external network. The main function of a firewall is to secure the local area network and wide area network from any type of security risk. It also gives access to the outside network through the WAN and the web. (Chopra, A., 2016).
The two types of firewalls which can be used in the merged corporate IT environment are as follows:
3.3.1 Application Level Firewalls – Application-level proxies combine some elements of packet filtering firewalls and circuit level gateways. They filter packets according to the service for which they are intended, and also by certain other characteristics such as the HTTP request. These firewalls provide significant data security, but they can drastically affect the performance of the network.
3.3.2 Multilayer Firewalls – Multilayer firewalls combine packet and circuit monitoring while allowing direct connections between local and remote hosts that are transparent to the network. They rely on algorithms to recognize which service is being requested, rather than simply providing a proxy for the protected service. These firewalls operate by holding packet segments as they pass through the protocol stack. This gives the user the greatest control over which packets are allowed to reach their final destination, but again affects the performance of the network. Hence, multilayer firewalls are best for the merged corporate environment. (Ferrell, n.d).
Firewalls normally work at the perimeter of a network and are the best-known means of securing an IT environment. A firewall can filter or block unauthorized access, yet it is a basic administrative tool and not a physical barrier, so it cannot really stop the hackers themselves. Traditional packet filter firewalls are very effective and “simply work”, since they are straightforward to design and practically difficult to mess up. Of course, this assumes that whoever configures the firewall makes no errors during setup or ongoing maintenance.
An Intrusion Detection System (IDS) works in-line monitoring network traffic and is a step up from a firewall. An IDS matches the information inside packets against a signature database, while also searching for and identifying anomalies against a pre-defined “normal” pattern of network traffic.
A Web Application Firewall (WAF) also works in-line, but monitors network traffic to and from a particular web application or server. A WAF can protect against threats like Cross-Site-Scripting or SQL injection, yet it can only recognize an attack when it looks like a pattern that the WAF is designed to anticipate. There are numerous vulnerabilities which don’t look like the expected patterns. A multi-layered approach to information security, including most of the components mentioned above, is the new ‘minimum standard’. Anything less is simply not adequate. (Utrosa, M., 2015).
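The two detection modes described for an IDS, matching packet headers and content against signatures of known attacks and comparing traffic with a pre-defined "normal" baseline, are sketched in the following added example, which is not part of the original report. The signature set, the baseline thresholds and the packet records are all constructed for illustration and do not come from any real IDS ruleset.

```python
import ipaddress
import re
from collections import Counter

# Constructed signatures: each one constrains a header field (destination
# port) and a pattern that must appear in the packet content.
SIGNATURES = [
    {"id": "SIG-1", "dst_port": 80,
     "pattern": re.compile(rb"union\s+select", re.I)},
    {"id": "SIG-2", "dst_port": 80,
     "pattern": re.compile(rb"<script\b", re.I)},
]

# Constructed baseline of "normal" traffic for one observation window.
BASELINE = {"max_packets_per_src": 3, "allowed_ports": {80, 443}}

# Constructed packet records (documentation address ranges only).
SAMPLE = [
    {"src": "192.0.2.10", "dst_port": 443, "payload": b"GET /cart HTTP/1.1"},
    {"src": "198.51.100.7", "dst_port": 80,
     "payload": b"GET /item?id=1 UNION SELECT card FROM t"},
    {"src": "198.51.100.7", "dst_port": 80,
     "payload": b"GET /q?s=<ScRipt>x</script>"},
    {"src": "203.0.113.5", "dst_port": 23, "payload": b""},
    {"src": "198.51.100.7", "dst_port": 80, "payload": b"GET / HTTP/1.1"},
    {"src": "198.51.100.7", "dst_port": 80, "payload": b"GET / HTTP/1.1"},
]


def inspect(packets):
    """Return (packet_index, source, alert_id) tuples for one window."""
    alerts = []
    per_src = Counter()
    for n, pkt in enumerate(packets):
        ipaddress.ip_address(pkt["src"])  # raises on malformed header data
        per_src[pkt["src"]] += 1
        # Signature detection: header field and content must both match.
        for sig in SIGNATURES:
            if (pkt["dst_port"] == sig["dst_port"]
                    and sig["pattern"].search(pkt["payload"])):
                alerts.append((n, pkt["src"], sig["id"]))
        # Anomaly detection: destination port outside the baseline.
        if pkt["dst_port"] not in BASELINE["allowed_ports"]:
            alerts.append((n, pkt["src"], "ANOM-PORT"))
    # Anomaly detection: a source sends more packets than the baseline allows.
    for src, count in sorted(per_src.items()):
        if count > BASELINE["max_packets_per_src"]:
            alerts.append((None, src, "ANOM-RATE"))
    return alerts


if __name__ == "__main__":
    for alert in inspect(SAMPLE):
        print(alert)
```

Traffic that matches no signature and stays inside the baseline produces no alert, which is why the signature set and the baseline both need regular review.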
Conclusion
By consolidating all analysis approaches into a single model, the effect grows in two dimensions: first, the number of types of analysis, and second, the number of supported security controls. This leads to a model that can perform different kinds of policy analysis and covers a wider range of security controls. This approach brings two improvements: first, minimized research, and second, reduced execution time. Effectively integrating security technologies into a secured infrastructure is the key to ensuring secure e-business. This is the first step in establishing trust. Many of the current security measures are used in e-business applications in combination with other measures. IDS are becoming a main method of security in today's corporate world and for network users. IPS defines the preventive measures for security.
In this report, the different components of network security in both organizations’ IT environments, the threats to the system and their solutions using firewalls and other methods have been analyzed. Network firewalls are used to protect the organization from internal as well as external network attacks. From the above discussion it can be concluded that the most appropriate firewall for both environments is the multilayer firewall, as it provides a high level of security regardless of the type of attack or threat that occurs on the network. A security component based on firewalls can be applied in such a way that the system's ability to resist network threats is improved, securing the network to a greater extent.
References
Anand, V. & Saniie, J. (2012). Security Policy Management Process within Six Sigma Framework. Journal of Information Security, 2012, 3, 49-58. Retrieved from – https://file.scirp.org/pdf/JIS20120100003_25350793.pdf
Ashoor, A., S. & Prof. Gore, S. (2011). Importance of Intrusion Detection System (IDS). International Journal of Scientific & Engineering Research, Volume 2, Issue 1, January-2011. Retrieved from – https://www.ijser.org/researchpaper/Importance_of_Intrusion_Detection_System.pdf
Chakraborty, N. (2013). Intrusion detection system and intrusion prevention system: a comparative study. International Journal of Computing and Business Research (IJCBR) ISSN (Online) : 2229-6166 Volume 4 Issue 2 May 2013. Retrieved from – https://www.researchmanuscripts.com/May2013/1.pdf
Chopra, A. (2016). Security Issues of Firewall. International Journal of P2P Network Trends and Technology (IJPTT) – Volume 22 Number 1 January 2016. Retrieved from – https://www.ijpttjournal.org/2016/volume-22/IJPTT-V22P402.pdf
Dawson, D. & Waller, S. (2010). The Role of IT in Successful Merger Integration. Retrieved from – https://www.strategyand.pwc.com/media/file/The_Role_of_IT_in_Successful_Merger_Integration.pdf
Ferrell, R., G. (n.d). The five different types of firewalls. Retrieved from – https://searchsecurity.techtarget.com/feature/The-five-different-types-of-firewalls
Firewalls. Vicomsoft Ltd. (2009). Retrieved from – https://www.vicomsoft.com/knowledge/reference/firewalls1.html
Ghosh, A. (2015). What is Host-based intrusion detection system (HIDS)? Retrieved from – https://thecustomizewindows.com/2015/06/what-is-host-based-intrusion-detection-system-hids/
Gringolts, V. (2015). The Three Steps to Consolidate the Active Directory Environments of Merging Organizations. Retrieved from – https://www.binarytree.com/blog-portal/blog/2015/august/the-three-steps-to-consolidate-the-active-directory-environments-of-merging-organizations/
Hartman, A. (2002). Security Considerations in the Merger/Acquisition Process. SANS Institute. Retrieved from – https://www.sans.org/reading-room/whitepapers/casestudies/security-considerations-merger-acquisition-process-667
Kagorora, F. & Li, J. (2015). Effectiveness of Web Application Security Scanners at Detecting Vulnerabilities behind AJAX/JSON. International Journal of Innovative Research in Science, Engineering and Technology Vol. 4, Issue 6, June 2015. Retrieved from – https://www.ijirset.com/upload/2015/june/79_Effectiveness.pdf
Kaur, K. & Dr. Pathak, A. (2015). E-Commerce Privacy and Security System. Int. Journal of Engineering Research and Applications ISSN : 2248-9622, Vol. 5, Issue 5, ( Part -6) May 2015, pp.63-73. Retrieved from – https://www.ijera.com/papers/Vol5_issue5/Part%20-%206/J505066373.pdf
Mergers and Acquisitions – Overcoming Post Merger Integration Challenges. MuleSoft Inc (2017). Retrieved from – https://www.mulesoft.com/resources/cloudhub/mergers-acquisitions-it-integration
Note on Firewalls and Content Filtering. Kullabs Ltd. (n.d). Retrieved from – https://www.kullabs.com/classes/subjects/units/lessons/notes/note-detail/8747
Ourida, S., B., B. (2012). Implementation of an Intrusion Detection System. International Journal of Computer Science Issues, Vol. 9, Issue 3, No 1, May 2012. Retrieved from – https://www.ijcsi.org/papers/IJCSI-9-3-1-420-424.pdf.
Patil, H., P. & Prof. Gosavi, P., B. (2015). Web Vulnerability Scanner by Using HTTP Method. International Journal of Computer Science and Mobile Computing, Vol.4 Issue.9, September- 2015, pg. 255-260. Retrieved from – https://ijcsmc.com/docs/papers/September2015/V4I9201549.pdf
Swarup, S. & Dr. Kapoor, R., K. (2014). Web Vulnerability Scanner (WVS): A Tool for detecting Web Application Vulnerabilities. International Journal of Engineering Research Volume No.3, Issue No.2, pp : 126-131. Retrieved from – https://www.ijer.in/publication/v3s2/IJER_2014_219.pdf
Thakur, D. (n.d). FIREWALL: Explain Types of Firewall Architectures. Retrieved from – https://ecomputernotes.com/computernetworkingnotes/security/types-of-firewall-architectures
Utrosa, M. (2015). Firewall? IDS? IDP? WAF? Retrieved from – https://www.datex.ca/blog/firewall-ids-idp-waf
Vancea, M. (2011). Challenges and stakes of the post – acquisition integration process. Annales Universitatis Apulensis Series Oeconomica, 13(1), 2011. Retrieved from – https://www.oeconomica.uab.ro/upload/lucrari/1320111/18.pdf