The current standard for the security of online transactions is Secure Sockets Layer (SSL) encryption. This protocol encrypts the transaction data as it passes through the Internet. However, a digital certificate is needed to verify the merchant's identity. You probably will want to obtain your own certificate from one of the two largest and most widely supported issuing authorities, VeriSign and Thawte. VeriSign's pricing is somewhat higher than Thawte's, but the VeriSign certificate is supported by a larger number of older browsers.
You’ll most likely be told flatly Unix based servers have better security. Mainly because these operating systems have consistently been reliable while Windows is a big target for exploitation. Hosting wise it boils down to one thing. No matter how secure the operating system is, your site cannot be secure if your host has not configured it correctly and isn’t updated often or swiftly.
Ask anyone professionally involved with computers and the Internet and they will readily acknowledge the vital importance of data security. Security experts are also quick to point out that cyberattacks are increasing at an astonishing rate (though somewhat self serving, their observation is practically an understatement!). However, our biggest concern in the very near future may not be the high number of attacks but rather the sophistication of the intrusions and the increasing points of entry that must be defended against. So, we decided it was time we took a closer look for ourselves at this moving target called Data Security.
Historically, amateur hackers and disgruntled company insiders have posed the biggest threats to computer networks. In fact, more than one third of all corporate computer crime is the result of unauthorized access by insiders, according to the 2002 survey by the Computer Security Institute/Federal Bureau of Investigation. From the outside, potent viruses like the Nimda worm and Code Red were merely the notorious products of pesky amateur programmers.
But things can change quickly, especially in the post-9/11 world of network security. Now, in addition to amateurs, we’re facing the specter of attacks from highly motivated expert programmers bent on cyber-terrorism. We just don’t know what new kinds of blended threats we may face. That’s disturbing when you understand that data security is a reactive technology – which means that threats have to become known before developers can defend against them. Unfortunately, this potential new wave of hackers comes at a time when the traditional firewall may soon become obsolete – no matter how good it is. With the proliferation of wireless networks and virtual private networks, intruders will be able to use these connections as well as Web protocols to gain access to sensitive data without the need to breach perimeter defenses such as a firewall.
So what’s the answer? Well, developers have realized that it’s time to start thinking outside the firewall. One approach is the development of early-warning systems that use heuristic analysis, rather than known virus signatures, to detect abnormal behavior. Thus the ability to react to a previously unknown threat in real time. A company called Entercept has a product that uses heuristic analysis to recognize abnormal network activity and immediately block server resources from the attack. This is quite a leap forward from merely generating a log and notifying system administrators who would be hard pressed to react nearly fast enough to avoid serious harm. To deal with guarding multiple points of entry on today’s networks, Internet Security Systems has been developing their RealSecure platform to automatically apply software patches to both servers and clients whenever vulnerabilities are identified. In theory, administrators would no longer have to apply patches manually but instead would rely on a self-healing platform that functions similarly to the human immune system in that it identifies threats and fights back in real time.
Still, even these revolutionary measures aren’t much defense against the determined insider attempting to steal company secrets or divert funds or stocks. One company, Savvydata, Inc., is aggressively targeting this type of threat with a security program called RedAlert, which is specifically designed to block crooked or angry insiders from doing harm. RedAlert can protect sensitive data in a variety of applications from being accessed, printed, emailed, copied or saved to a disk by an unauthorized employee on the network and provide a secure audit trail. It can also lock down data in unaccounted for laptops. Although it may not be able to block an executive with high-level access, it will generate an alert and leave a clear audit trail as a deterrent.
With the rapid evolution of today’s hardware and software, it would be naïve to expect that today’s tried-and-true firewall solutions represent the endgame in network security. But rest assured that quantum leaps in security applications are rapidly becoming available to hopefully deal effectively with tomorrow’s unknown threats. One thing is for sure – now is always a good time to re-evaluate your own security measures and get better informed on new security tools available to protect your sensitive data.
