Conducting business on the Internet requires the consideration of various security issues. Security policy development, security awareness training, and the other components of the CIA (Confidentiality, Integrity, and Availability) information security mantra will not be discussed; instead, this article focuses on the basic types of security that businesses on the Internet need to address to secure their website from others with malicious intent.
An organization must initially assess its systems or functions and rate the operational criticality of each. Security implementations can be quite expensive, and being able to separate the must-haves from the nice-to-haves through a risk-based approach is vital to ensure that funds are directed towards the assets that are most at risk.
In general terms, a business with a presence on the Internet has to protect its website/server, associated infrastructure, bandwidth, and domain name. Internet service obtained through a service provider must have sufficient bandwidth for expected traffic, be able to scale with demand, and, if possible, provide some level of attack filtering before traffic reaches the organization's network border. The next consideration is a firewall system that provides a semi-secure demilitarized zone (DMZ) interface on which to place public-facing servers instead of the private internal network. The firewall should also be resilient enough to defend against denial of service (DoS) and other Internet-based attacks. Internet traffic on the DMZ should be monitored by intrusion detection and/or prevention systems tied into an incident response plan in case malicious activity is identified.
The business should also contact its domain name registrar and pay the additional fee to lock the domain name, preventing hackers from hijacking the web address by submitting a spoofed or forged domain name change request. Hardening the public (outside) domain name server is also critical so that hackers do not gain access to it and change its entries to redirect your web traffic to an alternate, unauthorized website (another form of domain name hijacking). Once a domain name change is made and propagated throughout the Internet, it can take several days to re-propagate a correction.
This article is not all-inclusive and has not addressed related subjects such as web server hardening or transactional security and non-repudiation for e-commerce; its purpose is to convey the scope of the considerations required to secure an organization's online presence.
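The two domain-name risks described above (a forged change request against an unlocked domain, and tampered name-server entries) can both be checked routinely from the defender's side. The script below is an added example, not code from the original article: it parses the EPP "Domain Status" lines of a WHOIS record to confirm that the registrar lock is in place, and compares the NS and A records currently observed for a domain against the values the organization expects, so that an unauthorized change is noticed rather than discovered days later. The WHOIS text and DNS answers are constructed sample data so the script runs offline; in practice they would come from a whois query and a resolver.

```python
"""Domain-lock and DNS-drift checks (added example; sample data is constructed)."""
import re

# EPP status codes that a registrar ("client...") or registry ("server...")
# sets when a domain is locked against transfer, update or deletion.
LOCK_CODES = {
    "clientTransferProhibited", "clientUpdateProhibited", "clientDeleteProhibited",
    "serverTransferProhibited", "serverUpdateProhibited", "serverDeleteProhibited",
}
TRANSFER_LOCKS = {"clientTransferProhibited", "serverTransferProhibited"}

# WHOIS records list one status per line, e.g.
#   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
STATUS_RE = re.compile(r"^\s*Domain Status:\s*(\w+)", re.IGNORECASE | re.MULTILINE)


def registrar_lock_status(whois_text):
    """Return (transfer_locked, sorted lock codes found).

    Only a transfer lock blocks a forged transfer request, so that is what
    decides the boolean; the other lock codes are reported for completeness.
    """
    found = set(STATUS_RE.findall(whois_text))
    return bool(found & TRANSFER_LOCKS), sorted(found & LOCK_CODES)


def dns_drift(expected, observed):
    """Compare observed DNS records with the expected set.

    Both arguments map a record type ("NS", "A", ...) to a list of values.
    Returns a list of (type, "unexpected"|"missing", value) tuples; an empty
    list means the public zone still matches what the organization published.
    """
    drift = []
    for rtype in sorted(set(expected) | set(observed)):
        exp = set(expected.get(rtype, ()))
        obs = set(observed.get(rtype, ()))
        drift += [(rtype, "unexpected", v) for v in sorted(obs - exp)]
        drift += [(rtype, "missing", v) for v in sorted(exp - obs)]
    return drift


# --- constructed sample data (not real WHOIS or DNS output) -----------------
LOCKED_WHOIS = """Domain Name: EXAMPLE.COM
Registrar: Example Registrar, LLC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Name Server: NS1.EXAMPLE.COM
"""

UNLOCKED_WHOIS = """Domain Name: EXAMPLE.COM
Registrar: Example Registrar, LLC
Domain Status: ok https://icann.org/epp#ok
Name Server: NS1.EXAMPLE.COM
"""

EXPECTED_DNS = {"NS": ["ns1.example.com", "ns2.example.com"], "A": ["192.0.2.10"]}
OBSERVED_OK = {"NS": ["ns2.example.com", "ns1.example.com"], "A": ["192.0.2.10"]}
# The A record now points somewhere the organization never published.
OBSERVED_REDIRECTED = {"NS": ["ns1.example.com", "ns2.example.com"], "A": ["198.51.100.77"]}


if __name__ == "__main__":
    for label, text in (("locked", LOCKED_WHOIS), ("unlocked", UNLOCKED_WHOIS)):
        locked, codes = registrar_lock_status(text)
        print(f"{label}: transfer lock present={locked}, lock codes={codes}")
    for label, obs in (("ok", OBSERVED_OK), ("redirected", OBSERVED_REDIRECTED)):
        print(f"{label}: drift={dns_drift(EXPECTED_DNS, obs)}")
```

Run on a schedule, the drift check gives the monitoring hook the incident response plan needs: an alert on the first unexpected record, instead of waiting for users to report that the site resolves to the wrong place.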
Basic Security Issues For Conducting Business On The Internet
Written by Claudio LoCicero, M.S.
Over his career he has held several technical and management positions, both in the United States and overseas, within the private and government sectors.
He holds a Master of Science in Information Technology with an Information Security Specialization from a university designated as a National Security Agency Certified Center of Academic Excellence for Information Assurance. He also holds numerous professional certifications such as the Project Management Professional (PMP), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Information Technology Infrastructure Library (ITIL) Foundation, along with several other professional certifications from Cisco, Microsoft, and the National Security Agency (NSA).
He is an active member of the International Information Systems Security Certification Consortium (ISC2), Information Systems Audit and Control Association (ISACA), Information Systems Security Association (ISSA), and the Project Management Institute (PMI).