Ask the Expert

Securing a server for e-commerce

I have a business, and I want to set up a server so that my customers' information will be secure while they are shopping online. What security program do you recommend that I install? How do I go about it?

Unfortunately, there is no easy answer to your question. There are several guidelines for securing servers depending upon whether they are Unix-based Apache servers or Microsoft IIS servers. These are available from SANS, NSA and other places. There is also a tip on searchSecurity for protecting your Web servers.

Clearly, you will want all sensitive traffic to be protected by SSL or other encryption between your customers and your Web server. If any information is stored on the Web server, it should be encrypted. If you are using third-party hosting services, you will need to find a way to get that information back to you securely. You might be interested in a paper I wrote in 1999 entitled "Are Secure Internet Transactions Really Secure?"

However, there is no single magic program to install that makes your server secure.


For more information on this topic, visit these other searchSecurity resources:
  • Web Security Tip: SQL Server user-security checklist
  • Web Security Tip: ASP.NET authentication: Three new options for Web services
  • Infosec Bookshelf: SQL Server Security -- Chapter 2, Under Siege: How SQL Server is Hacked

    This was first published in August 2004
