An Introduction to E-Commerce Security
By Graham Mead
Security Strategies
• Enforce Secure Passwords by Design.
• Don’t trust that users are who they say they are, unless they can prove it.
• PCI Data Security Standard https://www.pcisecuritystandards.org/
• ISO/IEC 27001 (risks to information assets)
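The first strategy, enforcing secure passwords by design, is easiest to see in code. The following is an added example, not part of the original slides: a server-side policy check that rejects short, low-variety, blocklisted or username-derived passwords, plus salted PBKDF2 hashing and constant-time verification so the plaintext is never stored. The policy values, the tiny blocklist and the iteration count are assumptions chosen for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import re

# Constructed blocklist for illustration; a real deployment loads a much
# larger list (e.g. passwords known from public breach corpora).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}

MIN_LENGTH = 12            # policy value chosen for this example
MIN_CHARACTER_CLASSES = 3  # of: lowercase, uppercase, digit, symbol
PBKDF2_ITERATIONS = 600_000


def check_password(password: str, username: str = "") -> list[str]:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < MIN_CHARACTER_CLASSES:
        problems.append(f"uses fewer than {MIN_CHARACTER_CLASSES} character classes")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password blocklist")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    if re.search(r"(.)\1{3,}", password):
        problems.append("contains a run of four or more identical characters")
    return problems


def hash_password(password: str) -> str:
    """Store a salted, iterated PBKDF2-HMAC-SHA256 digest, never the plaintext."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False  # malformed record: refuse rather than guess
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    for pw in ("password", "Correct-Horse-Battery-9"):
        print(pw, "->", check_password(pw) or "OK")
    record = hash_password("Correct-Horse-Battery-9")
    print(verify_password(record, "Correct-Horse-Battery-9"),
          verify_password(record, "wrong"))
```

The check runs at registration and password change; the hash format carries its own iteration count so the cost can be raised later without invalidating existing records.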
Secure Transfer Methods
• HTTPS, SSH, SFTP.
• These protocols use encryption.
• They allow you to transfer data securely.
• Use the ‘High’ encryption level for Remote Desktop. This uses a 128-bit key.
• Never use telnet, http or ftp to log in. These are insecure protocols.
Default Security is Weak
• Configuration found in Admin Tools -> Terminal Services Configuration.
• Change the Encryption drop down box to at least High.
HTTPS Example
• Click on the padlock to see this window.
• The White box would display the address of the web site.
• The Green box would
Implementing Security
• Mod_security http://www.modsecurity.org/ can filter out bad traffic and help protect web applications.
• mod_ssl allows the HTTPS protocol to be used with Apache.
Mod Security
• Over 70% of all attacks are now carried out over the web port. (modsecurity)
• Mod Security is a web application layer firewall.
• It can be used to help protect web sites.
• Two example alerts can be seen in the image below.
• First it protects against a directory listing, which could be valuable to an attacker.
• Secondly it protects against an SQL Injection attack.
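To make the two alerts on this slide concrete, here is an added example (not ModSecurity's own code or rules) of how a web application firewall inspects traffic in two phases: inbound query strings are percent-decoded once and matched against SQL-injection signatures, and outbound response bodies are checked for an auto-generated directory index before they leave the server. Rule identifiers, patterns and the sample request line are constructed for this example; a production deployment relies on a maintained rule set.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import unquote_plus, urlsplit


@dataclass(frozen=True)
class Alert:
    rule_id: str   # constructed identifier, not a real ModSecurity/CRS rule id
    phase: str     # "request" (inbound) or "response" (outbound)
    message: str
    evidence: str  # the matched fragment, for the log entry


# Inbound rules applied to the decoded query string (constructed for illustration).
REQUEST_RULES = [
    ("R1", re.compile(r"(?i)\bunion\b.*\bselect\b"), "SQL injection: UNION SELECT"),
    ("R2", re.compile(r"(?i)['\"]\s*or\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+"),
     "SQL injection: OR tautology"),
    # Comment markers and chained statements; tune this one, it is the most
    # likely of the three to fire on legitimate free-text input.
    ("R3", re.compile(r"(?i)--|/\*|;\s*(drop|delete|update|insert)\b"),
     "SQL comment or chained statement"),
]

# Outbound rule: an auto-generated index page means the server is exposing a
# file listing that should not be public.
RESPONSE_RULES = [
    ("R10", re.compile(r"(?i)<title>\s*index of /"), "Directory listing in response"),
]


def inspect_request(request_line: str) -> list[Alert]:
    """Inspect 'METHOD /path?query' and return alerts for the inbound phase."""
    _method, _, target = request_line.partition(" ")
    query = urlsplit(target).query
    # Decode exactly once so percent-encoded payloads match like plain ones
    # (double decoding would itself be an evasion surface).
    decoded = unquote_plus(query)
    alerts = []
    for rule_id, pattern, message in REQUEST_RULES:
        match = pattern.search(decoded)
        if match:
            alerts.append(Alert(rule_id, "request", message, match.group(0)))
    return alerts


def inspect_response(body: str) -> list[Alert]:
    """Inspect a response body and return alerts for the outbound phase."""
    alerts = []
    for rule_id, pattern, message in RESPONSE_RULES:
        match = pattern.search(body)
        if match:
            alerts.append(Alert(rule_id, "response", message, match.group(0)))
    return alerts


def decision(alerts: list[Alert]) -> str:
    """Any alert blocks the transaction; a detection-only deployment would log instead."""
    return "BLOCK" if alerts else "ALLOW"


if __name__ == "__main__":
    # Constructed sample traffic: one clean request, one tautology injection,
    # and one response that leaks a directory index.
    samples = [
        "GET /products.php?id=42",
        "GET /products.php?id=42%27%20OR%20%271%27%3D%271",
    ]
    for line in samples:
        found = inspect_request(line)
        print(decision(found), line, [a.message for a in found])
    leaked = "<html><head><title>Index of /uploads</title></head></html>"
    print(decision(inspect_response(leaked)), [a.message for a in inspect_response(leaked)])
```

Running the block prints ALLOW for the clean request, BLOCK with the tautology alert for the encoded one, and BLOCK for the leaked index page. Checking the outbound phase is what lets the firewall stop a directory listing even when the request itself looked ordinary.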
Security is Everyone's Responsibility.
Don’t be the weak link.
References
• http://www.modsecurity.org/documentation/faq.html#d0e47 (modsecurity.org 2007)