Published by Gwen Rich. Modified over 9 years ago.
1
An Introduction to E-Commerce Security By Graham Mead
2
Security Strategies
Enforce secure passwords by design.
Don't trust that users are who they say they are unless they can prove it.
PCI Data Security Standard: https://www.pcisecuritystandards.org/
ISO/IEC 27001 (risks to information assets)
3
Secure Transfer Methods
HTTPS, SSH, SFTP. These protocols use encryption, so they allow you to transfer data securely.
Use the 'High' encryption level for Remote Desktop. This uses a 128-bit key.
Never use telnet, HTTP or FTP to log in. These are insecure protocols.
4
Default Security is Weak
The configuration is found in Admin Tools -> Terminal Services Configuration.
Change the Encryption drop-down box to at least High.
5
HTTPS Example
Click on the padlock to see this window.
The white box would display the address of the web site.
The Green box would
6
Implementing Security
mod_security (http://www.modsecurity.org/) can filter out bad traffic and help protect web applications.
mod_ssl allows the HTTPS protocol to be used with Apache.
7
Mod Security
Over 70% of all attacks are now carried out over the web port. (modsecurity)
Mod Security is a web application layer firewall. It can be used to help protect web sites.
Two example alerts can be seen in the image below.
First, it protects against a directory listing that could be valuable to an attacker.
Secondly, it protects against an SQL injection attack.
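The two protections named on this slide, written as ModSecurity rules. This is an added example, not part of the original presentation; it assumes ModSecurity 2.7.4 or later on Apache 2.4, and the rule ids, messages and the /var/www/html path are constructed for illustration.

```apache
# Added example: rule ids, messages and the document root are assumptions.
<IfModule security2_module>
    # Enforce rules instead of only logging (DetectionOnly)
    SecRuleEngine On

    # Buffer request bodies so POST parameters are included in ARGS
    SecRequestBodyAccess On

    # Buffer HTML responses so phase 4 rules can inspect outbound content
    SecResponseBodyAccess On
    SecResponseBodyMimeType text/html

    # SQL injection: run the libinjection-based operator over every
    # request parameter once the full request has been read (phase 2)
    SecRule ARGS "@detectSQLi" \
        "id:100001,phase:2,t:none,deny,status:403,log,msg:'SQL injection attempt in request parameter'"

    # Directory listing: stop an Apache auto-generated index page from
    # leaving the server by matching its title in the response body (phase 4)
    SecRule RESPONSE_BODY "@contains <title>Index of /" \
        "id:100002,phase:4,t:none,deny,status:403,log,msg:'Directory listing blocked in response'"
</IfModule>

# Remove the root cause as well: turn off automatic indexes, so the
# response rule above only acts as a safety net.
<Directory "/var/www/html">
    Options -Indexes
</Directory>
```

Running with `SecRuleEngine DetectionOnly` first shows which requests the rules would block before enforcement is switched on.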
8
Security is Everyone's Responsibility. Don’t be the weak link.
9
References
http://www.modsecurity.org/documentation/faq.html#d0e47 (modsecurity.org 2007)