Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

eBUSINESS SECURITY

Posted on 2006-06-08
7
Medium Priority
?
416 Views
Last Modified: 2010-04-11
what are the most problems or issues  with security regards E business ...
0
Comment
Question by:mhho
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 7

Assisted Solution

by:Okigire
Okigire earned 1200 total points
ID: 16863635
eBusiness or no-eBusiness, similar issues exist.  Protect your source and log files, so that people can't just get a list and download them.  Sometimes it's as simple as adding an "index.html" file in the directory, or turning off the server option to list files.  One great method is to use a couple dispatch files to access other program functions hidden away in a different directory.

Make sure your web server is up-to-date with any exploit/holes/bugs patched up.  If it's discovered you're using an old version of web server (and it isn't hard to find out), they may discover a hole which would let them get access you didn't expect them to have.  This could mean accessing your data directly and manipulating or stealing it!

Protect yourself properly against spoofing so people can't just copy part of your source, edit it and get access to other parts of the system you didn't expect them to.  Protect your files and databases!  You don't want somebody walking into your database, gaining access to steal information or add unnecessary stuff.

Backup backup backup... web servers go down, hardware fails, and we know the rest of the story.  Always backup your stuff.  Depending on how you set it up, also guard against other system users from gaining access to your files as well.  That would be horrible as they're no more innocent than the external guy breaking into your system.

A security/SSL certificate also helps.  It encrypts the traffic so that data sent/received is hidden away from prying eyes.

There is no magical solution, other than to always be informed.  Know what your system is, how it's set up, what it contains, and ongoing news about the stuff you have.  The better informed about what you use and how it exists in the industry, the better off you'll be.
0
 
LVL 11

Accepted Solution

by:
prueconsulting earned 200 total points
ID: 16870494
Configuration Management.. Ensure that all changes are tracked so when something changes and breaks things you know what happened.

Defense in Depth.. Apply multiple layers of security to help mitgate the risks

Turn off All unrequired services and remove them if possible. Only allow the bare essentials required to do the job.. Nothing more nothing less.

0
 

Author Comment

by:mhho
ID: 16877273
if I want to use  SecurID token  what are pros and cons ?
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 16879773
are you using some public services like email and/or web?
then there're a lot of things to do additional to the above suggestions.
Please specify more detailled what you mean by "eBusiness,"?
0
 

Author Comment

by:mhho
ID: 16881340
VPN for the website....
0
 
LVL 7

Assisted Solution

by:Okigire
Okigire earned 1200 total points
ID: 16881882
VPN for the website?  Can you explain a little more what you're trying to do?

It sounds like you'd like to make a web gateway into your internal web network.  Usually people use VPN to access the entire network (NOT just web).

SecurID is only one of many two-factor authentication tools.  The pros are increased security, with the cons possibly price and implementation.

Let us know what you current setup is, and what you want to do, and I'm sure we can give you a better suggestion from there.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16909383
> SecurID is only one of many two-factor authentication tools.
2-factor if both secrets go through one and the same wire? How does this work (beside marketing gimicks)?
Yes it is something you have and something you know, but in the end both are on the same wire!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simp…
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question