What is your weakest e-commerce link?
By David Strom
The popular TV show "Weakest Link" isn't my cup of tea, but it does contain
a useful metaphor for any IT manager interested in tracking down their
e-commerce security issues. It is a reminder that no matter how much we beef
up various parts of our security infrastructure, the overall system is only
as strong as its weakest link. So let me ask you, what do you think your
weakest link is for your Web storefront? Could it be your firewall, or how
your Web server is set up, or perhaps how you maintain your customer records?
I think the answer is clearly none of these technologies, although all
contain important security measures, and you shouldn't overlook any of them.
But the far simpler answer, and one that probably won't get you on any TV
game shows, is the people who run your Web site. Most security problems are
people-related, not technology-related. It is far easier to penetrate a network with
a little bit of "social engineering" and a phone call to key personnel. And
all the security scanners and protective equipment in the world can't help
in this situation.
So how to find these weak links? Again, let's use the game show as a model
and ask a few questions to expose these people.
First, look at how your site is set up with various passwords. This is
low-level stuff, but a weak password is the easiest way that someone can
break into your systems. Does your FTP site have the same password as your
database server or firewall? Do the directories that are available for FTP
intersect with directories that contain programs, scripts or other
high-risk files that could be easily compromised? All it takes is someone to
upload a rogue CGI script in the right place, and your site could be wide
open for anyone to exploit.
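
The directory question above can be checked mechanically. The following is an added example, not part of the original column: it flags any FTP-reachable directory that contains, sits inside, or is a symlink to a directory the Web server executes scripts from. The function names and the sample layout are assumptions made for illustration.

```python
import os
import tempfile


def find_overlaps(ftp_dirs, exec_dirs):
    """Return sorted (ftp_dir, exec_dir) pairs where one real path contains the other."""
    findings = []
    for ftp_dir in ftp_dirs:
        real_ftp = os.path.realpath(ftp_dir)        # resolve symlinks first
        for exec_dir in exec_dirs:
            real_exec = os.path.realpath(exec_dir)
            # commonpath compares whole path components, so /srv/www does
            # not falsely match /srv/www-data the way a string prefix would.
            common = os.path.commonpath([real_ftp, real_exec])
            if common in (real_ftp, real_exec):
                findings.append((ftp_dir, exec_dir))
    return sorted(findings)


def demo():
    """Build a constructed site layout and return findings relative to its root."""
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        site = os.path.join(root, "htdocs")
        cgi = os.path.join(site, "cgi-bin")
        pub = os.path.join(root, "ftp", "pub")
        incoming = os.path.join(root, "ftp", "incoming")
        os.makedirs(cgi)
        os.makedirs(pub)
        # Constructed mistake: the upload area is a symlink into cgi-bin.
        os.symlink(cgi, incoming)
        found = find_overlaps([pub, incoming, site], [cgi])
        return [(os.path.relpath(f, root), os.path.relpath(e, root))
                for f, e in found]


if __name__ == "__main__":
    for ftp_dir, exec_dir in demo():
        print(f"FTP path {ftp_dir} overlaps script directory {exec_dir}")
```
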
Passwords are worthy of an entire column in and of themselves. As a result
of doing the research for this column, I finally changed my own FTP
password, which I had for about 20 years and was relatively simple to guess. You would be amazed at how easy it is to penetrate a site with a simple password. I tried to get access to a
friend's Web site, and all I needed was his e-mail address and zip code, and
I was in. Granted, that was a Web site with pretty weak security, but it
could happen to you, too.
Sometimes, guessing passwords is very easy, especially if your users have
written them down and have them in public view on their desks. I remember
attending a security trade show in Boston a few years ago. To get to the
convention floor, you had to walk past the offices of some financial
services firm that had big plate glass windows facing the street. Throughout
the offices, you could clearly see various people's passwords written on
Post-It notes and attached to their computer monitors. It wouldn't take much
to penetrate that network if you were determined: All you would need is a
good pair of eyes. This is generally not a good idea and is an obvious weak
Second, examine your servers carefully to make sure that the access rights
for various personnel match their duties and responsibilities. You should
also examine the last login of all of your users, particularly the ones with
more privileged access or those who are administrators, and make sure that they are doing
what they are supposed to be doing. All it takes is one compromised user ID,
and you could have a copy of your customer data at a hacker's or competitor's
office within minutes. While you are browsing the user lists, see if there
is anyone on the list that isn't part of the IT department, and make sure
you have a darned good reason for keeping them on the list and allowing them
access to your site.
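
The account review described above, as an added example that is not part of the original column: it reads an exported user list and returns the accounts that need a human decision, because they are dormant, have never logged in, or belong to someone outside IT. The CSV columns, the 90-day threshold and every record are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export; an empty last_login means the account was never used.
ACCOUNTS_CSV = """user,department,role,last_login
alice,IT,admin,2001-09-10
bob,IT,admin,2001-03-02
carol,Marketing,admin,2001-09-12
dave,Sales,user,2001-09-01
oldsvc,IT,admin,
erin,IT,user,2001-01-15
"""


def review_accounts(csv_text, today, max_idle_days=90, it_dept="IT"):
    """Return {user: [reasons]} for accounts that should be justified or removed."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        privileged = row["role"] == "admin"
        if row["department"] != it_dept:
            # Non-IT accounts need a stated reason; admin rights make it urgent.
            reasons.append("outside IT with admin rights" if privileged
                           else "outside IT")
        if not row["last_login"]:
            reasons.append("never logged in")
        else:
            idle = (today - date.fromisoformat(row["last_login"])).days
            if idle > max_idle_days:
                reasons.append(f"idle {idle} days")
        if reasons:
            findings[row["user"]] = reasons
    return findings


if __name__ == "__main__":
    for user, reasons in review_accounts(ACCOUNTS_CSV, date(2001, 9, 15)).items():
        print(f"{user}: {', '.join(reasons)}")
```
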
Third, look at the human side of your order fulfillment and payments
process. It is all well and good to have numerous systems and checks and
balances in place to keep track of where the money and goods go, but it is
also a good idea to see how many bodies are in the loop between when a
product gets ordered and when it gets sent out the door. It could be that
someone has a friend in the mailroom and is sending your products off
premises, something that companies call inventory shrinkage but I call
stealing. All it takes is one weak link.
What about the customer support operators on your phone support systems? Are
they empowered to change a user's password to their account? What else are
they empowered to do, and can they do damage if someone could
compromise one of these people or obtain their login and other security
These are just some suggestions to get you started thinking about the
non-technological end of your security infrastructure. Hopefully, you can
remove all of the weaker links and strengthen your e-commerce site security.
And who knows: maybe this will be good preparation for a future appearance
on some TV game show?
About the author
David Strom is president of his own consulting firm in Port Washington,
NY. He has tested hundreds of computer products over the past two decades
working as a computer journalist, consultant, and corporate IT manager.
Since 1995 he has written a weekly series of essays on Web technologies and
marketing called Web Informant. You can send him e-mail at firstname.lastname@example.org.
This was first published in September 2001