Chapter 5 – Website Security

When you leave your house to go to work in the morning do you close and lock the front door? Or do you just leave it open?

A very important factor is the security of your web site and your computer systems. For many people security protection is often a case of, “The horse has gone … Quick, bolt the door!”. The time to institute protective mechanisms is not after you have been hacked or robbed. It is before. Setting up security measures after someone has done you good and proper is like leaving your front door open with a big sign on it saying, “Rob me!”, and then, after someone obliges you by cleaning you out, putting a deadlock on the door. That is the sequence of actions in the wrong order, and it’s insane!

Unfortunately the self-assured ‘It won’t happen to me’ attitude is supported by the fact that very few of the companies that do get hacked report it. More companies suffer security breaches than you would believe. However, the resultant loss of public confidence in a company’s security is enough to deter most companies from making known the fact that they were hacked. Would you feel safe giving your credit card details to a company or bank that had just announced that all their clients’ information had been stolen from their website? I think not!

One major bank customer recently received a Trojan virus on his machine, which was also a keyboard sniffer. A keyboard sniffer is a small program which records the keys you press on your keyboard over a period of time and then sends this information elsewhere when prompted. This sniffer picked up the passwords for the client’s bank accounts as he typed them in; the hacker then had access to the client’s accounts and was able to siphon funds into other accounts in preparation for laundering. The client in question had no firewall or virus checker on their computer system as protection, and consequently their system was wide open.
This only goes to illustrate the vital importance of having sufficient security in place to protect your systems. Security issues that should be addressed are:

- A digital certificate, which gives you authenticity. Rather like signing your letterhead online, it can assign your identity to documents. It demonstrates the bona fides of your business and provides legal certainty by virtue of the authenticity of the certificate.

- Encryption, to ensure that credit card information is secured and not accessible to hackers.

- Ensuring that the information you keep on your website is behind a secure server. Your webmaster will know how that is done.

- Employee security. Are your employees security conscious? Are they trustworthy? The most common security breaches originate from inside the company. Usually it is carelessness, but sometimes employees want to find out information or steal it, or have a misplaced emotional reason to vandalise the system. Restricting employees’ access to information on a ‘need to know’ basis has been the practice in companies for many years.

- Data backup. What would happen if someone wiped out all the data on your site? Or stole it, credit card information for example? Or modified it to your company’s detriment? Is your data backed up on a regular or continuous basis?

- Password security. Are your passwords secured? Are they left on an open computer for any mild-mannered hacker to get into? Do you keep your passwords off the computer, for instance on a floppy disk, and only input them when you need them, by copying and pasting so you do not have to use the keyboard to type them?

- At least one firewall to prevent attacks on your system. It is possible to have three or more firewalls on the one system. This means that if a hacker gets past one he is then baulked by the next, and so on. In addition each works in a different way, so what one may let through another may stop. There is no 100% guarantee that you can keep out determined hackers, but you can keep 99% out and that is usually sufficient. Most of the attacks are from what are known as script kiddies. These are usually young people with little or no experience at hacking who simply take a program script from someone else and use that. Of course, with a concerted attack by thousands on the firewall (such as occurred with Yahoo one time) there can be a breakdown, but this is very unlikely unless you are seen as a fruitful and easy target or have incurred the wrath of a competent hacker. As well as software firewalls there are also hardware firewalls, more expensive perhaps but considerably more effective.

- Antivirus software. McAfee or Norton are examples of antivirus software that you can employ on your system. There are many others, but one should certainly have at least one and keep it updated on a regular basis.

How big a risk are you? Risk management plays a part here. The larger and more successful your business, the more risk there is. A small one-man business that simply runs a web site to introduce his business, most of which is done offline, is at far less risk than a large merchant processing thousands of credit card orders each day with teams of employees, running a large LAN (local area network, where a heap of computers or terminals are connected together with a central point coordinating and processing the work). How much time, effort and money you put into your security is up to you, but it should be commensurate with the size, type and style of business you are running and the potential losses that may occur if you don’t.
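The data backup point above asks what happens if someone wipes, steals or modifies the data on your site. A backup alone does not tell you that something was modified; a checksum manifest written at backup time does. The following is an added example, not code from the chapter or its author: it copies a directory, records a SHA-256 for every file in a MANIFEST.json beside the copy, and later compares the live tree against that manifest to report missing, modified and unexpected files. The site layout, file names and the tampering in demo() are constructed for illustration.

```python
"""Backup with a SHA-256 manifest, then detect wipes and tampering (added example)."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def backup(src: Path, dest: Path) -> dict:
    """Copy src to dest/data and write dest/MANIFEST.json describing the copy."""
    shutil.copytree(src, dest / "data")
    manifest = build_manifest(dest / "data")
    (dest / "MANIFEST.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(root: Path, manifest: dict) -> dict:
    """Compare a tree against a manifest and report what differs.

    Returns {"missing": [...], "modified": [...], "unexpected": [...]}.
    All three lists empty means the tree matches the manifest exactly.
    """
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def demo() -> dict:
    """Constructed scenario: back up a small site, then detect a wipe and a tamper."""
    work = Path(tempfile.mkdtemp())
    site = work / "site"
    (site / "orders").mkdir(parents=True)
    (site / "index.html").write_text("<h1>Shop</h1>")                # constructed page
    (site / "orders" / "2003-01.csv").write_text("id,amount\n1,9.99\n")  # constructed data

    manifest = backup(site, work / "backup")
    # The copy we just made must match its own manifest.
    backup_clean = verify(work / "backup" / "data", manifest) == {
        "missing": [], "modified": [], "unexpected": []
    }

    # Simulate the chapter's scenario on the live site: one file altered,
    # one deleted, one file that was never part of the site.
    (site / "index.html").write_text("<h1>Defaced</h1>")
    (site / "orders" / "2003-01.csv").unlink()
    (site / "extra.txt").write_text("not in the backup")

    live = verify(site, manifest)
    shutil.rmtree(work)
    return {"backup_clean": backup_clean, "live": live}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the manifest should be stored with the backup on media the web server cannot write to (offline or read-only), otherwise whoever modifies the site can modify the manifest to match; verify() is only as trustworthy as the manifest it is given.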
kind regards,
Michael @fastmail.fm
http://gold-today.com
http://goldcenturypress.com
http://www.ksw-club.com
http://mikemoore1.plugusin4cash.com/