Secure sites and "Security"
January 5th, 2007 at 12:32 pm

Hi.  After discussing this for the millionth time (note the sarcasm) -- I thought I'd drop a line about security.

Any e-commerce site should have an SSL certificate issued by a company like Verisign, Thawte, or another reputable certificate authority.  However, that does not make your site 100% secure.

The only thing an SSL certificate does is ensure that when you submit a form online, the information is encrypted in transit.  This means that if someone is somehow monitoring or "sniffing" your internet activity, the information should not make sense to them.  It's "scrambled".

Without boring you with technical facts, the only real threat of "sniffing" your traffic is INSIDE your network, meaning your internal network -- like another user in your local coffee shop trying to steal your passwords while they drink coffee in plain view of you.  Once your information hits the actual superhighway, it's nearly impossible to grab or steal because it's like finding a needle in a haystack.  Most people are at their home or office, so this isn't a huge risk.

Some of the more realistic risks are things that have nothing to do with the SSL certificate.  In fact the most exploited security holes are due to poor programming.  That's why you see so many differences in the cost of programming.  It's one thing to write a program or web application.  It's a completely different thing to write an application with security in mind.

Something as simple as a poorly written web form can allow a hacker to send mass mail anonymously, attack other web sites, or worse -- completely take over your web server(s).
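
The "poorly written web form" case above is usually mail header injection: a contact form that drops the visitor's e-mail address straight into a message header lets a CR/LF in that field append extra recipients, which is exactly how a form gets turned into an anonymous mass mailer.  The following is an added example, not code from the original post or from Website Forge, contrasting that vulnerable handler with one that validates every user-supplied header value and keeps the recipient list fixed.  The form field names, the addresses and the `InvalidSubmission` class are assumptions.

```python
import re
from email import message_from_string
from email.headerregistry import Address
from email.message import EmailMessage

# Constructed sample submissions (not real traffic): a normal visitor and one
# whose "email" field carries an injected Bcc header after a CR/LF.
NORMAL = {"name": "Alice", "email": "alice@example.com", "message": "Hello"}
INJECTED = {
    "name": "Alice",
    "email": "alice@example.com\r\nBcc: victim1@example.net, victim2@example.net",
    "message": "Buy now",
}


def build_message_unsafe(form):
    """Vulnerable handler: header values are concatenated verbatim, so a line
    break inside the submitted address becomes a brand-new header line."""
    return (
        f"From: {form['email']}\r\n"
        "To: sales@example.com\r\n"
        "Subject: Contact form\r\n"
        "\r\n"
        f"{form['message']}"
    )


def injected_recipients(raw_message):
    """Detection check: parse a raw message and return any Bcc headers.  A
    contact form never needs Bcc, so a non-empty result means injection."""
    return message_from_string(raw_message).get_all("Bcc", [])


class InvalidSubmission(ValueError):
    """Raised for a submission that must be rejected (assumed exception type)."""


CONTROL_CHARS = re.compile(r"[\r\n\x00]")
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def header_field(value, max_len=200):
    """Allow a user value into a header only if it is a short string free of
    line breaks and NUL bytes."""
    if not isinstance(value, str) or len(value) > max_len or CONTROL_CHARS.search(value):
        raise InvalidSubmission("header field contains control characters")
    return value


def build_message_safe(form):
    """Hardened handler: validates each user-supplied header value, keeps the
    sender and recipient fixed, and lets the email library encode headers."""
    email = header_field(form.get("email", ""))
    if not EMAIL_RE.fullmatch(email):
        raise InvalidSubmission("malformed e-mail address")
    name = header_field(form.get("name", ""))
    msg = EmailMessage()
    msg["From"] = "contact-form@example.com"           # fixed sender, never user data
    msg["Reply-To"] = Address(name, addr_spec=email)  # display name gets quoted properly
    msg["To"] = "sales@example.com"                    # fixed recipient list
    msg["Subject"] = "Contact form"
    msg.set_content(form.get("message", ""))           # body text cannot add headers
    return msg
```

The check is done before the message object is built so the form can answer with a clean rejection; the email library also refuses multi-line header values, which serves as a second line of defence rather than the only one.  Counting `Bcc`/`To` headers in outbound mail from a web host, as `injected_recipients` does, is a cheap way to spot a form that is already being abused.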

Open source products are constantly fighting this threat because their source code is available for anyone to view, so a hacker can take their time to figure out the best way to attack anyone using that software.  Many people are being pushed into an open source e-commerce product called "Zen Cart" because it's "FREE" and it reduces the cost of their site.  However, what do you do about security?  An SSL certificate?  Not even a firewall will keep someone from taking advantage of a software hole.

Here at Website Forge we handle security from several approaches:

First, we have a hardware firewall on the network, with some active countermeasures built into it.  Next, we have software firewalls configured on the Linux operating systems.

Then our cluster software has an application that will actively monitor scripts that attempt to do things they were not designed to do. 

Our coding is first class -- designed from the ground up to resist the most common types of attacks.  Each web site is securely isolated from the others so that any malicious activity on one site cannot harm another.

To go a step further, each time we do detect a hacking attempt, we modify our own intrusion detection software to identify that type of attack and take countermeasures. Our intrusion detection software and configurations are also proprietary. 

And finally the Website Forge system is not "open source" so you don't need to worry about every hacker having a roadmap on how to ruin your day.

Now let's discuss what we are actually protecting.  What ARE you worried about?  Hacks generally result in two things:

1.  Your web site may be defaced.

2.  Sensitive data like credit cards may be stolen.

So what do you do?  Well, the vast majority of e-commerce systems store credit card information on the web server.  So that is always a risk.  Defacement really just ticks people off but does not cause a great deal of harm if caught quickly.

With a Website Forge web site we handle these issues specifically.  First, we do not by default store ANY credit card information on the servers.  Once the transaction is complete the credit card information is cleared and only your credit card merchant provider stores that information.  Second, we do backups every 4 hours.  So any defacement can be handled very quickly.
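
To make the "do not store any credit card information" point concrete, here is an added example, not code from the original post or from Website Forge.  It shows the order record a site would persist once the merchant provider has taken the payment (the provider's reference and a masked number only), plus a Luhn-based scan that can be run over application logs or the 4-hourly backups to confirm that no full card number was written anywhere.  The field names, the `gateway_reference` value and the sample log lines are constructed.

```python
import re


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; filters most false hits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# 13 to 19 digits, optionally separated by single spaces or dashes, and not
# embedded in a longer run of digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_pans(text):
    """Return every Luhn-valid card-number-shaped token in text (digits only)."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def record_for_storage(order, gateway_reference):
    """Build the order record the site persists after the merchant provider has
    processed the payment: the provider's reference and the last four digits.
    The full number, expiry and CVV are deliberately left out."""
    pan = re.sub(r"[ -]", "", order["card_number"])
    return {
        "order_id": order["order_id"],
        "amount": order["amount"],
        "gateway_reference": gateway_reference,   # provider's transaction id (constructed)
        "card_last4": pan[-4:],
    }


def scan_backup(lines):
    """Report (line number, masked PAN) for every card number found in a dump."""
    report = []
    for n, line in enumerate(lines, 1):
        for pan in find_pans(line):
            report.append((n, "*" * (len(pan) - 4) + pan[-4:]))
    return report


# Constructed sample lines resembling an application log or backup dump.
LEAKY_LINE = "2007-01-05 12:32:01 order 1001 card=4111 1111 1111 1111 exp=01/09 amount=49.99"
CLEAN_LINE = "2007-01-05 12:32:01 order 1001 ref=txn_ABC123 last4=1111 amount=49.99"

# Constructed order as it exists in memory during the payment step only.
SAMPLE_ORDER = {
    "order_id": 1001,
    "amount": "49.99",
    "card_number": "4111 1111 1111 1111",   # well-known test number
    "expiry": "01/09",
    "cvv": "123",
}
```

The scan is intentionally conservative: the shape test plus the Luhn check drops timestamps, order numbers and amounts, so a hit in a backup or log file is worth investigating rather than noise.  A backup taken every 4 hours is only a defacement fix if what it contains is safe to restore and to keep, which is what `scan_backup` verifies.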

There are a few other security measures we take -- however, I won't list them because of their technical nature.

Oh yeah!  And one last thing.  Anyone that claims that your web site is 100% secure just because it's running on a Linux operating system is simply not telling you the truth.  Linux is very secure.  However, for the very same reasons I explained above, your site can be just as vulnerable as a Windows-hosted web site.

I hope this clears up some misconceptions about security.

Shane Merem
www.websiteforge.com
Website Design and E-commerce
