What is your weakest e-commerce link?
By David Strom
The popular TV show "Weakest Link" isn't my cup of tea, but it does contain a useful metaphor for any IT manager interested in tracking down their e-commerce security issues. It is a reminder that no matter how much we beef up various parts of our security infrastructure, the overall system is only as strong as its weakest link. So let me ask you, what do you think your weakest link is for your Web storefront? Could it be your firewall, or how your Web server is set up, or perhaps how you maintain your customer records?
I think the answer is clearly none of these technologies, although all contain important security measures, and you shouldn't overlook any of them. But the far simpler answer, and one that probably won't get you on any TV game shows, is the people who run your Web site. Most security problems are people-related, not technology-related. It is far easier to penetrate a network with a little bit of "social engineering" and a phone call to key personnel. And all the security scanners and protective equipment in the world can't help in this situation.
So how to find these weak links? Again, let's use the game show as a model and ask a few questions to expose these people.
First, look at how your site is set up with various passwords. This is low-level stuff, but a weak password is the easiest way that someone can break into your systems. Does your FTP site have the same password as your database server or firewall? Do the directories that are available for FTP intersect with directories that contain programs, scripts or other high-risk files that could be easily compromised? All it takes is someone to upload a rogue CGI script in the right place, and your site could be wide open for anyone to exploit.
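The directory question above can be checked mechanically. The following is an added example, not part of the original column: it compares the directories reachable over FTP with the directories the Web server executes scripts from and reports every pair where one contains the other. The paths and the function name `ftp_exec_overlaps` are constructed for illustration.

```python
import posixpath

def _contains(parent, child):
    # Component-wise containment: "/srv/www/site" does NOT contain
    # "/srv/www/site-admin", which a plain string-prefix test would get wrong.
    return posixpath.commonpath([parent, child]) == parent

def ftp_exec_overlaps(ftp_dirs, exec_dirs):
    """Return sorted (ftp_dir, exec_dir, relation) tuples where an FTP upload
    could land in a location the Web server executes. Paths must be absolute."""
    findings = []
    for f in (posixpath.normpath(p.strip()) for p in ftp_dirs):
        for e in (posixpath.normpath(p.strip()) for p in exec_dirs):
            if f == e:
                findings.append((f, e, "same directory"))
            elif _contains(f, e):
                findings.append((f, e, "exec dir inside FTP tree"))
            elif _contains(e, f):
                findings.append((f, e, "FTP dir inside exec tree"))
    return sorted(findings)

# Constructed sample configuration (not taken from the article).
FTP_DIRS = ["/srv/ftp/incoming", "/srv/www/site/", "/srv/www/shop/cgi-bin/uploads"]
EXEC_DIRS = ["/srv/www/site/cgi-bin", "/srv/www/shop/cgi-bin",
             "/srv/www/site-admin/cgi-bin"]

if __name__ == "__main__":
    for ftp_dir, exec_dir, relation in ftp_exec_overlaps(FTP_DIRS, EXEC_DIRS):
        print(f"{ftp_dir} <-> {exec_dir}: {relation}")
```

Any finding means an FTP account, and therefore its password, is effectively a code-execution credential for the Web server.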
Passwords are worthy of an entire column in and of themselves. As a result of doing the research for this column, I finally changed my own FTP password, which I had for about 20 years and was relatively simple to guess. You would be amazed at how easy it is to penetrate a site with a simple password. I tried to get access to a friend's Web site, and all I needed was his e-mail address and zip code, and I was in. Granted, that was a Web site with pretty weak security, but it could happen to you, too.
Sometimes, guessing passwords is very easy, especially if your users have written them down and have them in public view on their desks. I remember attending a security trade show in Boston a few years ago. To get to the convention floor, you had to walk past the offices of some financial services firm that had big plate glass windows facing the street. Throughout the offices, you could clearly see various people's passwords written on Post-It notes and attached to their computer monitors. It wouldn't take much to penetrate that network if you were determined: All you would need is a good pair of eyes. Leaving passwords in plain view is generally not a good idea and is an obvious weak link.
Second, examine your servers carefully to make sure that the access rights for various personnel match their duties and responsibilities. You should also examine the last login of all of your users, particularly the ones with more privileged access or those who are administrators, and make sure that they are doing what they are supposed to be doing. All it takes is one compromised user ID, and you could have a copy of your customer data at a hacker's or competitor's office within minutes. While you are browsing the user lists, see if there is anyone on the list who isn't part of the IT department, and make sure you have a darned good reason for keeping them on the list and allowing them access to your site.
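The account review described above can be run as a repeatable check instead of an occasional browse. This is an added example, not from the original column: the account records, the role-to-rights policy and the 90-day idle threshold are all constructed assumptions, and `review_accounts` is a hypothetical name.

```python
from datetime import date

# Constructed policy: the rights each role is supposed to hold (assumption).
ROLE_RIGHTS = {
    "dba": {"db_admin"},
    "webmaster": {"ftp_upload", "web_admin"},
    "support": {"reset_password"},
}
PRIVILEGED = {"db_admin", "web_admin", "root"}
TODAY = date(2024, 6, 1)  # constructed audit date

# Constructed sample export: (user, department, role, rights, last_login or None).
ACCOUNTS = [
    ("alice", "IT", "dba", {"db_admin"}, date(2024, 5, 28)),
    ("bob", "IT", "webmaster", {"ftp_upload", "web_admin", "db_admin"}, date(2024, 5, 30)),
    ("carol", "Marketing", "webmaster", {"ftp_upload", "web_admin"}, date(2024, 5, 29)),
    ("dave", "IT", "dba", {"db_admin"}, date(2023, 11, 2)),
    ("erin", "Support", "support", {"reset_password"}, None),
]

def review_accounts(accounts, today, stale_days=90):
    """Return sorted (user, finding) pairs for accounts that need a human look."""
    findings = []
    for user, dept, role, rights, last_login in accounts:
        # Access rights should match duties: anything beyond the role is excess.
        excess = rights - ROLE_RIGHTS.get(role, set())
        if excess:
            findings.append((user, "rights beyond role: " + ", ".join(sorted(excess))))
        if rights & PRIVILEGED:
            if dept != "IT":
                findings.append((user, "privileged but outside IT"))
            if last_login is None:
                findings.append((user, "privileged, never logged in"))
            elif (today - last_login).days > stale_days:
                idle = (today - last_login).days
                findings.append((user, f"privileged, idle {idle} days"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in review_accounts(ACCOUNTS, TODAY):
        print(f"{user}: {finding}")
```

Each finding is a prompt for a conversation with the account owner or their manager, not an automatic revocation.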
Third, look at the human side of your order fulfillment and payments process. It is all well and good to have numerous systems and checks and balances in place to keep track of where the money and goods go, but it is also a good idea to see how many bodies are in the loop between when a product gets ordered and when it gets sent out the door. It could be that someone has a friend in the mailroom and is sending your products off premises, something that companies call inventory shrinkage but I call stealing. All it takes is one weak link.
What about the customer support operators on your phone support systems? Are they empowered to change a user's password for their account? What else are they empowered to do, and can they do damage if someone could compromise one of these people or obtain their login and other security credentials?
These are just some suggestions to get you started thinking about the non-technological end of your security infrastructure. Hopefully, you can remove all of the weaker links and strengthen your e-commerce site security. And who knows: maybe this will be good preparation for a future appearance on some TV game show?
About the author
David Strom is president of his own consulting firm in Port Washington, NY. He has tested hundreds of computer products over the past two decades working as a computer journalist, consultant, and corporate IT manager. Since 1995 he has written a weekly series of essays on Web technologies and marketing called Web Informant. You can send him e-mail at firstname.lastname@example.org.