Specifications
and should only contain information that either needs to be provided to the public or has
recently been collected from the public.
To reduce the risk of exposure, you need to limit the methods by which information can be
accessed and limit the people who can access it. This involves designing with security in mind,
configuring your server and software properly, programming carefully, testing thoroughly,
removing unnecessary services from the Web server, and requiring authentication.
Design, configure, code, and test carefully to reduce the risk of a successful criminal attack
and, equally important, to reduce the chance that an error will leave your information open to
accidental exposure.
Remove unnecessary services from your Web server to decrease the number of potential weak
points. Each service you are running might have vulnerabilities. Each one needs to be kept up-to-date
to ensure that known vulnerabilities are not present. The services that you do not use
might be more dangerous. If you never use the command rcp, why have the service installed? [1]
If you tell the installer that your machine is a network host, the major Linux distributions and
Windows NT install a large number of services that you do not need and should remove.
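As an added example (not from the book), the shell function below lists enabled entries in an inetd.conf-style file that are not on an allowlist of services you actually use. The sample file contents and the allowlist are constructed for illustration, and the code assumes the classic inetd.conf column layout.

```shell
#!/bin/sh
# Added example: report enabled inetd services that are not on an allowlist.

# Constructed sample in inetd.conf format (not taken from a real host).
sample_inetd_conf() {
cat <<'EOF'
# service socket proto flags user server args
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd

# "shell" is the rsh service that rcp relies on
shell   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
#login  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
}

# Usage: unneeded_services "ALLOWLIST" < inetd.conf
# ALLOWLIST is a space-separated list of service names you really use.
# Prints "service<TAB>daemon" for every enabled entry that is not allowed.
unneeded_services() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Skip comments (disabled entries), blank lines and malformed lines.
        /^[ \t]*#/ || NF < 6 { next }
        !($1 in ok) {
            # When the entry is wrapped by tcpd, the real daemon is field 7.
            prog = ($6 ~ /tcpd$/ && NF >= 7) ? $7 : $6
            print $1 "\t" prog
        }
    '
}

# Hypothetical allowlist: this host still needs ftp and nothing else.
sample_inetd_conf | unneeded_services "ftp"
```

Each line reported is a candidate to comment out of the configuration file before telling inetd to reload it.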
Authentication means asking people to prove their identity. When the system knows who is
making a request, it can decide whether that person is allowed access. There are a number of
possible methods of authentication, but only two commonly used forms—passwords and digital
signatures. We will talk a little more about both later.
CD Universe offers a good example of the cost both in dollars and reputation of allowing
confidential information to be exposed. In late 1999, a cracker calling himself Maxus reportedly
contacted CD Universe, claiming to have 300,000 credit card numbers stolen from their site.
He wanted a $100,000 (U.S.) ransom from the site to destroy the numbers. They refused, and
found themselves in embarrassing coverage on the front pages of major newspapers as Maxus
doled out numbers for others to abuse.
Data is also at risk of exposure while it traverses a network. Although TCP/IP networks have
many fine features that have made them the de facto standard for connecting diverse networks
together as the Internet, security is not one of them. TCP/IP works by chopping your data into
packets, and then forwarding those packets from machine to machine until they reach their
destination. This means that your data is passing through numerous machines on the way, as
illustrated in Figure 13.1. Any one of those machines could view your data as it passes by.
E-commerce and Security
PART III
[1] Even if you do currently use rcp, you should probably remove it and use scp (secure copy) instead.