Hack Proofing Your E-Commerce Site: The Only Way to Stop a Hacker Is to Think Like One by L. Brent Huston, Ryan Russell, Oliver Steudler
This book shows readers - whether they work for a Fortune 500 company or run their own small Web-based store - how to protect themselves and their businesses from the ever-increasing threat of hackers. It provides insights into the tools and techniques that hackers use to compromise sites and gives Web architects and engineers instructions on how to use those insights to design and implement better security measures. Beginning with the story of how one hacker managed to cripple the Web, it covers secure credit card transactions, content networking, redundancy and reliability, and security secrets, as well as configuring Cisco's LocalDirector and DistributedDirector.
- Publisher: Syngress Publishing
- Product dimensions: 7.43(w) x 9.19(h) x 1.71(d)
Read an Excerpt
Chapter 1: Applying Security Principles to Your E-Business
Solutions in this chapter:
- Security as a Foundation
- Applying Principles to Existing Sites
- How to Justify a Security Budget
- Security as a Restriction
- Security as an Enabler
- Solutions Fast Track
- Frequently Asked Questions
Introduction
Security in the virtual world of the Internet is even more confusing than in the real world we inhabit. Buzzwords and marketing hype only serve to add to the puzzle. Vendors and free products abound, but according to the experts, the Internet world is becoming more dangerous every day. How can that be? How can all these solutions from so many directions not solve even the basic problems?
The answer is not simple because the problems are so complex. Security is difficult to create and maintain. Security is messy. The problem is that the online world was built around a system of protocols and rules, but unfortunately, those rules are not always followed. The complexity of today's computer systems and software applications often creates programs that act in a manner unforeseen by the Internet's operational guidelines. Add to that scenario a few humans who insist on testing the rules and purposefully acting unexpectedly, and you have a huge potential for a rather large mess.
Attaining and maintaining suitable levels of security also requires resources. It requires people with the technical and business skills in balance. It requires time, energy, and of course, money. Security is not cheap. Products and training and doing things the right way are usually more expensive in the short term than taking shortcuts and cutting corners, but in the long run, security protects the assets that your organization depends on for survival.
Given all these dynamics, the concept of security can be seen as an ever-changing ideal that encompasses these threats and adapts as they adapt, like a living process. Security is most assuredly a journey and not a destination.
The easiest starting point on that journey is from the ground up. In the e-commerce world, those who benefit the most from security's elusive protections are those who started the process with security firmly in mind. While it is possible to apply security to existing sites, the implementation is often more difficult than starting the process anew.
In this chapter, we discuss how to bring security into focus from the start, what roles it should play, and how to get it included in the budget of a project. We also talk about how to justify its ongoing existence and measure its successes. For those of you who are tasked with defending an existing e-commerce site or other Web presence, we will explore the roles you should play in your organization and the process by which you can improve your site's security posture.
Security as a Foundation
The easiest, and many agree, the best way to create a secure environment is to start with security in mind. This means applying the principles of secure operation as the foundation upon which the rest of the project will be built. The primary principles of security are confidentiality, integrity, and availability. To succeed, the project must address these principles in all phases and applications.
Confidentiality
Confidentiality is the most widely known of the principles. Businesses have been dealing with confidentiality since commerce began. Today, it is a basic expectation of consumers that their personal information will be protected from disclosure. Vendors also expect a level of confidentiality to protect custom pricing, custom scheduling, and contractual details of their transactions with your company. Yet, as widely accepted as the concept of confidentiality is, it remains difficult to execute. Companies are in the news regularly because information about clients, vendors, or the politics of business relationships has become known.
Towards the end of 2000 a prominent U.S. hospital discovered that its security infrastructure had been breached and the confidentiality of 5,000 patient records had been violated. The risks to confidentiality do not stop with access to data; credit card details are illegally obtained from Internet facing systems, then used or sold, with alarming frequency. Some analysts have estimated that online credit card fraud incurs damages worldwide to the tune of $9 billion annually. Information is possibly one of the most valuable assets most companies possess; losing it or caring for it negligently could spell disaster and possibly even ruin.
If your company had exposed the records of these clients, what would the damage to your bottom line have been? How would your company deal with such a situation?
Integrity
Integrity is perhaps the most difficult of the principles to achieve, yet it is the most vital of the three. Businesses must manage and maintain the integrity of the information with which they are entrusted. Even the slightest corruption of that data can cause complete chaos. The myriad of decisions based upon that integrity range from the basic business operation to the growth plans of the business long term. Over the centuries, various methods have evolved for building and maintaining the integrity of information. The double entry accounting system, the creation of jobs such as editors and proofreaders, and the modern checksum methods are all technical advances aimed at creating integrity. Yet, even with these modern tools and all the attention paid to the process over the years, integrity remains one of our greatest concerns. Integrity is something we almost take for granted. We assume that the database system we are using will maintain the records of our sales correctly. We believe that our billing system is smart enough to add the items on a customer's bill. Without some form of integrity checking, neither of these situations may be true. Integrity of information can have an even larger impact on an organization.
Imagine a computer virus that infected your accounting systems and modified all the sevens in your Excel spreadsheets, turning them into threes. What would the effect of those illicit modifications mean to your business? What steps would your organization take to recover the correct figures and how would you even discover the damage?
Availability
Last, but not least, of the three principles is availability. Availability is the lifeblood of any business. If a consumer can't get to your business to purchase your goods, your business will soon fail. In the e-commerce world, where every moment can directly translate to thousands of dollars in sales, even downtimes of less than an hour can do immense financial damage to a company. Consider the amount of damage done to your company if your Web site became unavailable for four hours, which is the length of time that most vendors used as a benchmark for turnaround time in the pre-Internet world. Such an outage in e-commerce could cost tens of thousands of dollars, as we will see in Chapter 2. How long could your company continue to do business if your Internet presence was destroyed? How much money per hour would your organization lose if you could not do business online?
Security also entails a three-step process of assessment, revision, and implementation of changes (see Figure 1.1). This continual process of evaluation and feedback is necessary to adapt processes and products to the ever-changing conditions of the online world. As hackers examine existing software and hardware systems and discover new vulnerabilities, these vulnerabilities must be tested against your own systems and changes made to mitigate the risks they pose. The systems must then be tested again to ensure that the changes did not create new weaknesses or expose flaws in the systems that may have been previously covered. For example, it is fairly common for software patches and version upgrades to replace configuration files with default settings. In many cases, this opens additional services on the box, or may re-enable protocols disabled by the administrator in a previous configuration. This ongoing process of evaluation strengthens the three principles and ensures their continued success.
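The re-test after patching that the paragraph calls for can be partly automated. The following is an added example, not code from the book: it compares a pre-patch baseline of listening services and key configuration values against the post-patch state and reports anything the patch silently re-opened or reset. The `ss`-style lines and the config snapshots are constructed sample data; the process names and config keys are illustrative assumptions.

```python
"""Post-patch drift check: report listeners and config values that a patch
changed relative to a baseline taken before the patch. Sample data is constructed."""
import re

# Constructed `ss -tlnp`-style captures taken before and after a patch.
BASELINE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=811,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=902,fd=6))
"""
AFTER_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=811,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=902,fd=6))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=902,fd=7))
LISTEN 0 128 0.0.0.0:21 0.0.0.0:* users:(("vsftpd",pid=950,fd=4))
"""
# Constructed key/value snapshots of settings the administrator had hardened
# (illustrative keys in the style of sshd_config and vsftpd.conf).
BASELINE_CFG = {"PermitRootLogin": "no", "anonymous_enable": "NO",
                "PasswordAuthentication": "no"}
AFTER_CFG = {"PermitRootLogin": "yes", "anonymous_enable": "YES",
             "PasswordAuthentication": "no"}

# Captures: local address, port, and the owning process name.
SS_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


def parse_listeners(text):
    """Return the set of (port, process) pairs found on LISTEN lines; lines that
    do not match the expected layout are skipped rather than guessed at."""
    found = set()
    for line in text.splitlines():
        m = SS_RE.match(line)
        if m:
            found.add((int(m.group(2)), m.group(3)))
    return found


def drift_report(base_ss, after_ss, base_cfg, after_cfg):
    """Return newly opened listeners, listeners that vanished, and config keys
    whose value differs between the two snapshots (old, new)."""
    before, after = parse_listeners(base_ss), parse_listeners(after_ss)
    changed = {k: (base_cfg.get(k), after_cfg.get(k))
               for k in set(base_cfg) | set(after_cfg)
               if base_cfg.get(k) != after_cfg.get(k)}
    return {"opened": sorted(after - before),
            "closed": sorted(before - after),
            "config_changed": changed}


if __name__ == "__main__":
    report = drift_report(BASELINE_SS, AFTER_SS, BASELINE_CFG, AFTER_CFG)
    for port, proc in report["opened"]:
        print(f"NEW LISTENER  port {port} ({proc})")
    for key, (old, new) in sorted(report["config_changed"].items()):
        print(f"CONFIG RESET  {key}: {old!r} -> {new!r}")
```

Run against real captures, the baseline would be taken from the hardened system before the patch window and the comparison from the same host immediately after.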
Based on these ideas and the scenarios that can occur when the three principles are not managed well, you can see why building security from the ground up is so important. Building the three principles into a business certainly requires work and planning. Security is neither easy to accomplish nor easy to maintain, but with proper attention, it is sustainable.
Presenting Security As More Than a Buzzword
Security must be more than a buzzword or a group within your organization. Security needs to be on the mind of every employee and in the forefront of the day-to-day operations. Security staff members need to work as partners or consultants to other groups within the company. They need to remain approachable and not be seen as "Net cops" or tyrants. They need to allow for dialogue with every employee, so that they can make suggestions or bring to their attention any events that seem out of place.
Security works best when all employees are attentive to situations that may expose customers to danger or the site to damage. The key to achieving this level of awareness is education. Education is the tool that disarms attackers who prey on miscommunication, poorly designed processes, and employee apathy. Such attacks, often called "social engineering" by hackers, can be devastating to a company and its reputation.
Tools & Traps…
Social Engineering
In the average business there are a number of avenues ripe for social engineering exploitation. With the security focus often turned to the more romantic notions of stealthy hacks and exotic code, the more prosaic methods of bypassing security are often neglected. Unfortunately, attempting to prevent social engineering can be a double-edged sword. Processes and procedures aimed at reducing the possibility of social engineering can do as much harm as good, driving users to ignore them due to their overly rigid and complex implementation. This said, there are a number of areas that are commonly open for abuse, including the following:
- Passwords: Overly complex passwords are often written down and easily accessible. More memorable passwords, however, are often a greater risk because simpler passwords such as a husband's first name are easily guessed. Some companies employ strong authentication that requires the user to use a combination of a password and a number generated by a special token which the user possesses.
- Support Services: When a user calls a help desk or a network engineer for support, the authenticity of the user is often taken for granted. A negligent help desk could easily respond to a request for a password change for a user's account without a guarantee that the caller is who he says he is. In this scenario the hacker typically leverages the anonymity provided by a telephone or e-mail message. Using a similar angle, a hacker could pretend to be part of the support services and during a phony "support" call obtain a user's logon ID and password.
- Physical Access: Without adequate physical security a hacker or even a non-technical criminal with a confident bearing can walk directly into an office and begin using computer systems. In fact, a case reported in China detailed how a man walked into a securities firm posing as an employee and used an unsecured terminal to affect stock prices and the stability of the Shanghai stock market.
Remember, too, that social engineering may be used to attack more than your computer security. It is a wide-ranged tool used for fraud and privacy violations as well, or can be used to gather information to plan a larger attack.
Since social engineering is such a dangerous weapon in the attacker's toolkit, it only makes sense to educate yourself about it. Here are some Web sites where you can learn more about social engineering:
The best way to defend against these attacks is to educate your employees on your policies regarding security and customer privacy. They also need to see those policies being followed by all members of the team, from management down to the entry-level employees. They need reminders, refreshers, and periodic updates whenever changes to the procedures are made. In other words, security has to be an attitude from the top down. The highest levels of management must support the policies and their enforcement for long-term success to be achieved and maintained.
The security team also requires the support of management. A universal attitude of cooperation must be presented and maintained across all lines of business with the security group. Every employee needs to feel that the security group is approachable and they should have no fear of reporting things that seem suspicious. Employees need to know exactly whom to contact, and they need to be treated with respect instead of suspicion when they talk to the security team and its members.
The Goals of Security in E-Commerce
Security plays a very important role in e-commerce, and is essential to the bottom line. While e-commerce done correctly empowers your company and the consumer, e-commerce done poorly can be devastating for those same participants. The goals of security in the commerce process must be to:
- Protect the privacy of the consumer at the point of purchase.
- Protect the privacy of the customers' information while it is stored or processed.
- Protect the confidential identity of customers, vendors, and employees.
- Protect the company from waste, fraud, and abuse.
- Protect the information assets of the company from discovery and disclosure.
- Preserve the integrity of the organization's information assets.
- Ensure the availability of systems and processes required for consumers to do business with the company.
- Ensure the availability of systems and processes required for the company to do business with its vendors and partners.
Any security measures you implement without a policy become de facto policies. A policy created that way was probably created without much forethought. The problem with unwritten policies is that you can't look them up, and you don't know where to write the changes.
Planning with Security in Mind
Building the foundation from a secure starting point is very important. For this reason, the three principles have to be applied to the process from the beginning stages of planning. Examine the business plan and apply the aspects of confidentiality, integrity, and availability. Ask your staff and yourself questions such as:
- How are we going to ensure the confidentiality of our customers?
- How will we protect our business information from disclosure?
- What steps are we taking to double-check the integrity of our data gathering?
- What processes are we using to ensure that our data maintains integrity over time?
- How are we protecting ourselves against the loss of availability?
- What are our plans for failure events?
Spend time thinking about the threats to your site. Profile the flow of likely attacks and determine the probable ease of their success. For example, if an attacker wanted to gather customer financial information, could he or she simply compromise your Web server and gain access to it? There have been countless examples of situations exactly like this one, where what should have been a simple Web server compromise ended up exposing sensitive customer data to the attackers. Had those credit card numbers and other information been stored on a separate machine, or better yet, on a more protected network segment, the attacker may not have been able to harvest it. Avoid single points of failure. Ensure that compromise of one network component does not jeopardize your entire operation. Apply these scenarios to each step of the plans and revise them until you have resolved the apparent issues.
An example scenario for this process might include something like this: If an attacker used the latest exploit of the week to gain access to your Web server, what other systems could be easily compromised? In a recent, all too real example, a client called me when this had happened. The attacker had used the Unicode exploit (see Rain Forest Puppy's page at www.wiretrip.net/rfp/p/doc.asp?id=57&iface=6 for more details on Unicode) against my client's Web server to gain access to the file system. After uploading a Trojan horse program, they quickly managed to grab the Repair password file and crack Administrator access to the system. Unfortunately for my client, the attacker had compromised the system that they had designated to be the Domain Controller for all the Web server systems in the DMZ. They had chosen, unwisely, to deploy a Windows Domain for easier systems management of the Web servers and the server they used to allow vendors to pick up orders from their site. Their primary e-mail server and their FTP server were also members of the same domain. Each of these systems was, in turn, compromised by the attacker. By the time the damage had been discovered, each of these systems had to be removed from service and completely rebuilt. Their partners were advised of the damage, and they lost valuable time and money, not to mention their partners' confidence in their company. To date, that single mistake of making each of the systems a member of a Windows Domain instead of stand-alone servers has cost them thousands of dollars and several IT managers their jobs. Even small miscalculations can have large ramifications on security.
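The planning exercise above amounts to asking how far one foothold can spread through the trust relationships a design creates. The following is an added example, not the book's code: a small reachability model that compares the DMZ as a Windows domain (the scenario just described) with the same hosts as stand-alone servers. Host names, the trust edges, and the assumption that control of any domain member also reaches the domain controller are all constructed for illustration.

```python
"""Blast-radius model for the DMZ scenario: hosts an attacker can reach from
one foothold by following the trust relationships a deployment creates.
Hosts, edges and designs below are constructed for illustration."""
from collections import deque


def blast_radius(trust, foothold):
    """trust maps host -> hosts on which that host's credentials or control are
    honoured. Returns every host reachable from the foothold, transitively."""
    seen, queue = {foothold}, deque([foothold])
    while queue:
        host = queue.popleft()
        for nxt in trust.get(host, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def domain_trust(members, controller):
    """Domain-style design. Modelling assumptions: the controller's credentials
    are honoured on every member, and control of a member is treated as an edge
    back to the controller (shared domain credentials), so the graph is one
    connected trust zone."""
    trust = {controller: set(members) - {controller}}
    for member in members:
        if member != controller:
            trust.setdefault(member, set()).add(controller)
    return trust


def standalone_trust(hosts):
    """Stand-alone servers share no credentials, so there are no trust edges."""
    return {host: set() for host in hosts}


# Constructed DMZ matching the scenario: the Web server was also the DC.
DMZ = ["web", "vendor-pickup", "mail", "ftp"]


def compare(foothold="web"):
    """Return (reachable hosts under the domain design, under stand-alone)."""
    in_domain = blast_radius(domain_trust(DMZ, controller="web"), foothold)
    alone = blast_radius(standalone_trust(DMZ), foothold)
    return sorted(in_domain), sorted(alone)


if __name__ == "__main__":
    dom, alone = compare("web")
    print("domain design, web compromised      ->", dom)
    print("stand-alone design, web compromised ->", alone)
    # Under the model's assumption, a non-DC foothold spreads just as far.
    print("domain design, ftp compromised      ->",
          sorted(blast_radius(domain_trust(DMZ, "web"), "ftp")))
```

Replacing the constructed edges with the real credential and management relationships of a site (shared service accounts, admin workstations, backup agents) turns the same function into a quick check for the single points of failure the chapter warns against.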
Understand that for every scenario and threat that you think of, dozens of others may exist or may come to exist in the future. Don't be alarmed if you feel like you have only thought of the most basic threats. This very act of preparation and scenario development will create large amounts of awareness to the issues encompassed in the three principles. In addition, your team's ability to handle security incidents down the road will be increased as you become more familiar with details of your business process.
At the end of this process, you should have some basic plans for your site. One of the best ways to organize this planned information is in a chart that details your risks and how you plan to mitigate them. An example is shown in Table 1.1. These examples are basic, and you should certainly have many more than this, but it is a start to give you the idea of a framework.
Security during the Development Phase
The steps involved in translating the plans established into actual products and processes can be very dangerous to the security principles. Often, compromises must be made to facilitate budgets, timeframes, and technical requirements. Many times, these compromises impact the overall security of a project.
The single best way to ensure that the underlying security of the project remains intact through the development phase is through continual involvement. As each process or product is defined, apply the three principles to it and revise the definition to answer the scenarios you created in the planning process. If compromises must be made that impact the security of the project, carefully profile those changes and create a list of the risks involved in them. This list of risks will become important in the implementation phase, as it gives you a worksheet for problems that must be mitigated through the combination of technology, policy, and awareness. Often, compromises in key areas will have a major impact on attempts to secure other dependent areas. Be sure that attempts to save a dollar when building an underlying component don't cost you ten in trying to patch the pieces sitting on top.
Each process and product must be carefully examined to define the various risk factors involved. Attention to detail is highly important in this step, as is the cross-examination of a process or product by the various team members. Each of the team members will have his or her area of concern, and thus will bring a different angle of examination to the table. This cross-examination, or "peer review," often creates stronger designs and more secure solutions. In fact, peer review can be a very helpful tool in your policy creation tool box as well. The whole concept is to pass each policy or development process by each team member allowing each to comment on the process or policy from their point of view. At the end, someone, usually the original author, edits all the commentary back into the policy or process to create a better end product. Peer review is often done across the board for policies, technical information, and new processes before they are released to the general public....