Balance security and open communications
The emergence of technologies and business practices add complexity, and often vulnerability, to state-of-the-art e-commerce sites. This is reflected in the significantly more complex security environments that exist in many organizations. Without proper testing in sample environments, the promise of quality security is illusory.
Unfortunately, very few companies have the opportunity to establish sites dedicated to testing security. These sites are both expensive and labor intensive -- two quantifiable resources that most lack a surplus of in their IT shops. Thankfully, organizations exist to perform security testing for you -- even better, many share their results free of charge. The vendors who supply the products that are the foundation of the network being tested sponsor most of these sites. For instance, the Openhack site, a site built to test network security invitees hackers to try to penetrate it and pays rewards if they do. Cracking into Openhack.com pays rewards ranging from $500 for defacing the Web server to $1,500 for compromising the e-mail server to $2,500 for cracking into the database server. No prizes are given for DDoS (distributed denial-of-service) attacks.
Funded by many companies, including PSINet, Microsoft, Sun, Axent and more, Openhack is a useful tool for learning about network security for e-business sites.
About the author:
Barrie Sosinsky (firstname.lastname@example.org) is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.
Related book E-Commerce Security: Weak Links, Best Defenses
Author : Anup K. Ghosh
Publisher : John Wiley & Sons
ISBN/CODE : 0471192236
Cover Type : Soft Cover
Pages : 304
Published : Jan. 1998
Written by security expert Anup K. Ghosh, E-Commerce Security highlights the weak links and provides best defenses for individuals and enterprises connected to the Internet. This valuable guide addresses vulnerabilities in four essential components of electronic commerce -- the data transport protocol, Web server, Web clients and the network server operating system.