d) Server firewalls
A firewall is like the moat surrounding a castle. It ensures that requests can only enter the system from specified ports, and in some cases, ensures that all accesses come only from certain physical machines.

A common technique is to set up a demilitarized zone (DMZ) using two firewalls. The outer firewall has ports open that allow inbound and outbound HTTP requests. This allows the client browser to communicate with the server. A second firewall sits behind the e-Commerce servers. This firewall is heavily fortified, and only requests from trusted servers on specific ports are allowed through. Both firewalls use intrusion detection software to detect any unauthorized access attempts.
Another common technique used in conjunction with a DMZ is a honey pot server. A honey pot is a resource (for example, a fake payment server) placed in the DMZ to fool the attacker into thinking he has penetrated the inner wall. Because no legitimate traffic ever has a reason to reach these servers, they are closely monitored, and any access by an attacker is detected.
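The two-firewall DMZ and the honey pot described above, modelled as an added example (not code from the original text): an outer firewall that admits only HTTP/HTTPS to the DMZ hosts, an inner firewall that admits only the trusted web server to the database port, and an alert whenever the decoy is touched or the inner firewall drops something. All addresses, host names and the port numbers are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed example addresses (documentation and private ranges), not from the text.
INTERNET, DMZ, INTERNAL = "0.0.0.0/0", "10.1.0.0/24", "10.2.0.0/24"
WEB, HONEYPOT, DB = "10.1.0.10/32", "10.1.0.99/32", "10.2.0.20/32"

@dataclass(frozen=True)
class Rule:
    src: str            # source network (CIDR)
    dst: str            # destination network (CIDR)
    ports: frozenset    # permitted destination ports
    action: str         # "allow" or "deny"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def evaluate(rules, pkt):
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    s, d = ip_address(pkt.src), ip_address(pkt.dst)
    for r in rules:
        if s in ip_network(r.src) and d in ip_network(r.dst) and pkt.dport in r.ports:
            return r.action
    return "deny"

# Outer firewall: only HTTP/HTTPS, and only to the DMZ hosts meant to be reachable.
OUTER = [
    Rule(INTERNET, WEB, frozenset({80, 443}), "allow"),
    Rule(INTERNET, HONEYPOT, frozenset({80, 443}), "allow"),  # decoy "payment server"
]
# Inner firewall: only the trusted web server, and only to the database port.
INNER = [Rule(WEB, DB, frozenset({5432}), "allow")]

def traverse(pkt):
    """Pass the packet through each firewall on its path; return (verdict, alerts)."""
    alerts = []
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    crosses_outer = src not in ip_network(DMZ) and src not in ip_network(INTERNAL)
    if crosses_outer and evaluate(OUTER, pkt) == "deny":
        alerts.append(f"outer firewall blocked {pkt.src} -> {pkt.dst}:{pkt.dport}")
        return "deny", alerts
    if dst in ip_network(HONEYPOT):      # nothing legitimate ever talks to the decoy
        alerts.append(f"honeypot contacted by {pkt.src} on port {pkt.dport}")
    if dst in ip_network(INTERNAL) and evaluate(INNER, pkt) == "deny":
        alerts.append(f"inner firewall blocked {pkt.src} -> {pkt.dst}:{pkt.dport}")
        return "deny", alerts
    return "allow", alerts
```

A browser reaching the web server on 443 passes cleanly, while the same client aimed at the database, or the web server aimed at a port other than 5432, is dropped and logged.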