Security architecture for e-business

Security architecture for e-business
Michelle Johnston

Security for your e-business is a de-facto must. You have to keep your corporate interests intact, and you have to keep the bad guys out of your e-business site, while letting the good guys (your customers, e.g.) in. In this tip, excerpted from InformIT, Michelle Johnston, e-business expert, talks about security considerations in the technical design of your site.

Security is a massive topic. To be effective, the security policy of an organization must be enforced at every level of the technical architecture, and must be reinforced via business policies and procedures.

Web server hardware should be kept in a secure room, free of environment hazards, with access controls, air conditioning, and so on. Firewalls and proxy servers must be configured to prevent unauthorized access and to keep out malicious content (this should include the disabling of any ports that don't need to be open, and careful control of those that do).

Network configurations and password control should be effectively managed and monitored.

Audit logs should be kept of all failed attempts to gain access to the system. Virus-checking software should be installed on file servers, hard disks, and so on before any device or computer is allowed access to the network. Web server software-access controls should be carefully managed; virtual directories should be created and maintained carefully in the light of security issues.

Operating system permissions (on files and directory structure

Digg This!     StumbleUpon     Del.icio.us

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

The use of SSL to manage interactions between the browser and the Web server can help protect sensitive data being sent to and from the Web. ActiveX controls should only be used in situations where they're absolutely necessary, and even then with a great deal of caution and control over what they can and cannot do. Digitally signing an ActiveX control only provides the user with confidence that he or she can download it; it doesn't ensure that the ActiveX control cannot cause unexpected damage or provide a backdoor into the system.

Remember that security is a journey, not a destination--new security "holes" are found in software components all the time, new viruses appear daily, and complacent companies are the hacker's dream.

To read all of this tip on technical architecture for e-business, click over to InformIT. You'll have to sign up there, but it's free.

Did you like this tip? Why not drop us a line and let us know.

Related Book

Delivering Security and Privacy for E-Business
Author : Anup Ghosh
Publisher : John Wiley & Sons
Published : Feb 2001
Summary :
An in-depth look at the pressing issues involved in protecting an e-business from external threats while safeguarding customer privacy.