Security for your e-business is a de-facto must. You have to keep your corporate interests intact, and you have to keep the bad guys out of your e-business site, while letting the good guys (your customers, e.g.) in. In this tip, excerpted from
, Michelle Johnston, e-business expert, talks about security considerations in the technical design of your site.
Security is a massive topic. To be effective, the security policy of an organization must be enforced at every level of the technical architecture and must be reinforced via business policies and procedures.
Web server hardware should be kept in a secure room, free of environment hazards, with access controls, air conditioning and so on. Firewalls and proxy servers must be configured to prevent unauthorized access and to keep out malicious content (this should include the disabling of any ports that don't need to be open and careful control of those that do).
Network configurations and password control should be effectively managed and monitored.
Audit logs should be kept of all failed attempts to gain access to the system. Virus-checking software should be installed on file servers, hard disks and so on, before any device or computer is allowed access to the network. Web server software-access controls should be carefully managed; virtual directories should be created and maintained carefully in the light of security issues.
Operating system permissions (on files and directory structures, as well as on executable content) should be carefully controlled and monitored, and database permissions and security controls should be afforded the attention they deserve. Application-level controls, where they exist, should be carefully designed, managed and monitored.
The use of SSL to manage interactions between the browser and the Web server can help protect sensitive data being sent to and from the Web. ActiveX controls should only be used in situations where they're absolutely necessary, and even then with a great deal of caution and control over what they can and cannot do. Digitally signing an ActiveX control only provides the user with confidence that he or she can download it; it doesn't ensure that the ActiveX control cannot cause unexpected damage or provide a backdoor into the system.
Remember that security is a journey, not a destination -- new security "holes" are found in software components all the time, new viruses appear daily and complacent companies are the hacker's dream.
To read all of this tip on technical architecture for e-business, click over to
. You'll have to sign up there, but it's free.
Delivering Security and Privacy for E-Business
Author : Anup Ghosh
Publisher : John Wiley & Sons
ISBN/CODE : 0471384216
Cover Type : Soft Cover
Pages : 256
Published : Feb. 2001
With billions of dollars at stake in e-commerce, companies are becoming much more concerned about security and privacy issues. Hackers have made headlines by breaking into Web sites that aggregate sensitive information about all of us, which has caused growing public concern about personal and financial privacy. Some online businesses are inadvertently "sharing" data with others when they interoperate systems. This book examines the external threats to a company's system and explains how to react if your system and business goals diverge. It also presents a nuts-and-bolts guide to enhancing security and safeguarding gateways. Readers will find an extensive reference section for the many tools, standards, and watchdog agencies that aid in the security/privacy effort.