Building a Hacker-Proof Web Site

In the Information Age, the unprotected web site is the equivalent of leaving your keys in the front door. There are some basic security measures online businesses can take to secure their site.



To many, the phrase “network security” has become something of an oxymoron. Far from feeling secure about their networks, many online merchants are in a state of confusion. On the one hand, they are bombarded daily by news about new viruses costing companies millions, or some well-known e-tailer being hacked for its customers’ credit card numbers. On the other hand, they are inundated by advertisements for products, services and software, each insisting that it is the only solution for their security concerns. The fact is, to stay alive in the world of e-commerce you have to have maximum visibility. As always, the exposure and availability of your product directly affects profit. But this very same potential for profit carries with it the risk of being more susceptible than ever to security problems.

Businesses are scrambling to get on the web and many small and medium-sized businesses are installing out-of-the-box e-commerce server systems as a quick way to get online. However, sometimes the need for speed comes at the expense of sufficient security. This leaves fledgling web businesses vulnerable not only to serious hackers or disgruntled employees, but also to so-called “script kiddies”, tech-savvy teens who hack into less protected systems just for the prestige and devil-may-care fun of it.

Fortunately, there are some basic steps you can take to minimize the amount of damage if your website is the target of an attack from a hacker or a disgruntled employee. To start with, you will have to look at your whole system with a critical eye and be prepared to assess its weaknesses and strengths.

Firstly, recognize that the information stored in your system is more likely to be vulnerable at access points than in transit. Your Web server and your clients’ systems will probably need additional controls and security policies implemented. Information is usually encrypted as it travels from one point to another, so don’t spend undue resources on protecting something that is already secured. Your system is only as secure as the weakest component of your network. Computer hackers know this and will attempt to search out your “soft spots”, which are the places you need to protect.

Secondly, keep in mind the four components that should be evaluated when you are considering building an e-commerce server. These are: the client system, the transport protocol, the web server and the operating system. These components have different types of vulnerabilities that need to be understood and addressed individually.

Thirdly, you will need to put policies and standards in place in the form of a security cycle to protect your information. You will need to create a system that prevents, detects, responds to and recovers from attacks. This system needs to be created with your company’s specific vulnerabilities in mind. Any worthwhile security cycle will incorporate both education and training and will work effectively only through proper coordination.

Once you have decided on a security policy, you will need to implement some basic steps before your system goes online. These are: installing network intrusion detection systems (NIDS), shutting down Internet Control Message Protocol (ICMP) services when warranted, having a backup Internet Service Provider (ISP) and, lastly, reviewing the default settings of your system and adjusting them to meet your security requirements. Once your system is up and running, you should monitor it closely. Things to monitor include any signs of intrusion, such as log-ons outside regular hours or while employees are vacationing, system slow-downs, and remote access log-ons and attempts. Be sure to record all employee complaints of their system being used while they were away or any comments that their system is behaving irregularly. Assemble all of these notes in a well-kept security log. Do not discuss security topics via email, as hackers can monitor this medium. In addition, do not start your own investigation and evidence collection, as you might jeopardize important information. Investigation is a task better left to hired experts.
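The log-on checks listed above (outside regular hours, during an employee's vacation, remote access log-ons and attempts), sketched as an added example that is not from the original article. The log format, the 08:00-18:00 weekday schedule, the vacation calendar and the sample records are all assumptions constructed for illustration.

```python
from datetime import datetime, date, time

# Assumptions for this example: regular hours and a vacation calendar.
WORK_START, WORK_END = time(8, 0), time(18, 0)
VACATIONS = {"bob": (date(2001, 3, 5), date(2001, 3, 9))}  # inclusive range

# Constructed sample log: timestamp user source(local|remote) result(OK|FAIL)
SAMPLE_LOG = """\
2001-03-05T09:12:00 alice local OK
2001-03-05T02:47:00 alice local OK
2001-03-06T10:30:00 bob local OK
2001-03-06T11:05:00 carol remote FAIL
2001-03-06T11:06:00 carol remote OK
2001-03-10T14:00:00 dave local OK
"""

def review_logons(log_text):
    """Return (line, reasons) for every log-on record worth a security-log entry."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records rather than guess at their meaning
        stamp, user, source, result = parts
        when = datetime.fromisoformat(stamp)
        reasons = []
        # Log-on outside regular hours (weekends count as outside hours).
        if when.weekday() >= 5 or not (WORK_START <= when.time() < WORK_END):
            reasons.append("outside regular hours")
        # Log-on while the account owner is recorded as being on vacation.
        away = VACATIONS.get(user)
        if away and away[0] <= when.date() <= away[1]:
            reasons.append("user on vacation")
        # Remote access log-ons and attempts, whether or not they succeeded.
        if source == "remote":
            reasons.append("remote access " + ("log-on" if result == "OK" else "attempt"))
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in review_logons(SAMPLE_LOG):
        print(f"{line}  <- {', '.join(reasons)}")
```

Each flagged record is a candidate entry for the security log described above, alongside employee reports of irregular system behaviour.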

Finally, whether your concern is performing e-commerce transactions or protecting your intellectual property, you should be familiar with security features such as digital signatures and certificate authorities. For more information on these cutting-edge security measures, see: http://www.ThomasRegional.com/newtrd/newsletter.html?id=976224593

Source: Protect yourself from the World Wild Web
Rene Hamel
Advanced Manufacturing
http://www.advancedmanufacturing.com/security.htm

Copyright © 2012 Thomas Publishing Company