Chapter 15 E-commerce Security Issues
Secure Web Servers
You can use the Apache web server, Microsoft IIS, or any number of other free or commercial web servers for secure communication with browsers via Secure Sockets Layer. Using Apache enables you to use a Unix-like operating system, which is almost certainly more reliable but harder to set up than IIS. You can also, of course, choose to use Apache on a Windows platform.
Using SSL on IIS simply involves installing IIS, generating a key pair, and installing your certificate. Using SSL on Apache requires installing three different packages: Apache, Mod_SSL, and OpenSSL.
You can have your cake and eat it too by purchasing Stronghold. Stronghold is a commercial product available from http://stronghold.redhat.com/ for around $1,000 (U.S.). Based on Apache, it comes as a self-installing binary preconfigured with SSL. This way, you get the reliability of Unix and an easy-to-install product with technical support from the vendor.
Installation instructions for the two most popular web servers, Apache and IIS, are in Appendix A, “Installing PHP5 and MySQL5.” You can begin using SSL immediately by generating your own digital certificate, but visitors to your site will be warned by their web browsers that you have signed your own certificate. To use SSL effectively, you also need a certificate issued by a certifying authority.
The exact process to get this certificate varies between CAs, but in general, you need to prove to a CA that you are some sort of legally recognized business with a physical address and that the business in question owns the relevant domain name.
You also need to generate a certificate signing request (CSR). The process for this varies from server to server. You can find instructions on the CAs’ websites. Stronghold and IIS provide a dialog box–driven process, whereas Apache requires you to type commands. However, the process is essentially the same for all servers. The result is an encrypted CSR. Your CSR should look something like this:
---BEGIN NEW CERTIFICATE REQUEST---
---END NEW CERTIFICATE REQUEST---
Armed with a CSR, the appropriate fee, and documentation to prove that you exist, and having verified that the domain name you are using is the same as the name in the business documentation, you can sign up for a certificate with a CA.
When the CA issues your certificate, you need to store it on your system and tell your web server where to find it. The final certificate is a text file that looks a lot like the CSR shown here.
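The command-line version of the procedure just described, as an added example that is not from the book: it uses OpenSSL to generate an RSA key pair and a CSR on an Apache-style server, then checks the CSR before it is sent to the CA. The hostname, organisation and working directory are constructed placeholders, and -nodes leaves the private key unencrypted on disk so that the web server can start without a passphrase prompt; the CSR itself is a base64 text block carrying your public key and subject, signed with your private key, which is what the verify step checks.

```shell
#!/bin/sh
# Added example (not from the book): generate a key pair and a CSR with OpenSSL,
# then verify the CSR before sending it to the CA.
set -eu

# Scratch directory; on a real server this would be the web server's key directory.
WORK="${WORK:-$(mktemp -d)}"
HOSTNAME_FQDN="www.example.com"   # constructed placeholder for your site's name

# gen_csr DIR HOST: writes DIR/server.key (private key) and DIR/server.csr.
# The subject fields must match the business documentation you send to the CA.
gen_csr() {
    dir="$1"; host="$2"
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/server.key" -out "$dir/server.csr" \
        -subj "/C=US/ST=Example State/L=Example City/O=Example Store Inc/CN=$host" \
        2>/dev/null
    # The private key never leaves this machine; only the server user should read it.
    chmod 600 "$dir/server.key"
}

# csr_ok DIR HOST: returns 0 if the CSR's self-signature verifies and its
# common name is HOST, which is what the CA will compare with your domain.
csr_ok() {
    dir="$1"; host="$2"
    openssl req -in "$dir/server.csr" -noout -verify >/dev/null 2>&1 || return 1
    openssl req -in "$dir/server.csr" -noout -subject | grep -q "CN *= *$host"
}

# key_matches_csr DIR: returns 0 if the public key inside the CSR is the one
# derived from server.key (catches a CSR generated against the wrong key).
key_matches_csr() {
    dir="$1"
    a=$(openssl req -in "$dir/server.csr" -noout -pubkey)
    b=$(openssl pkey -in "$dir/server.key" -pubout)
    [ "$a" = "$b" ]
}

gen_csr "$WORK" "$HOSTNAME_FQDN"
csr_ok "$WORK" "$HOSTNAME_FQDN" && key_matches_csr "$WORK" \
    && echo "CSR ready to send: $WORK/server.csr"
cat "$WORK/server.csr"   # prints the BEGIN/END CERTIFICATE REQUEST block
```

The file you paste into the CA's form is server.csr; server.key stays on the server, and the certificate the CA returns is configured next to it (for Apache with Mod_SSL, via SSLCertificateFile and SSLCertificateKeyFile).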
Auditing and Logging
Your operating system enables you to log all sorts of events. Events that you might be interested in from a security point of view include network errors, access to particular data files such as configuration files or the NT Registry, and calls to programs such as the one used to become another user, typically root, on a Unix system.
Log files can help you detect erroneous or malicious behavior as it occurs. They can also tell you how a problem or break-in occurred if you check them after noticing problems. The two main problems with log files are their size and veracity.
If you set the criteria for detecting and logging problems at their most paranoid levels, you will end up with massive logs that are very difficult to examine. To help with large log files, you really need to either use an existing tool or derive some audit scripts from your security policy to search the logs for “interesting” events. The auditing process could occur in real time or could be done periodically.
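An audit script of the kind described above, added here as an example that is not from the book: the policy it encodes is "report every failed attempt to become root with su, every user who did become root, and any host with three or more failed logins". The log lines are constructed for the example and follow the message formats commonly written by Linux su and sshd; check the exact wording your own system logs before relying on the patterns.

```shell
#!/bin/sh
# Added example (not from the book): a small audit script derived from a
# written policy, run over a constructed auth-log excerpt.
set -eu

LOG="${LOG:-$(mktemp)}"
# Constructed sample log; a real run would point LOG at /var/log/auth.log or similar.
cat > "$LOG" <<'EOF'
Mar  3 10:01:20 shop su[2201]: FAILED SU (to root) alice on pts/0
Mar  3 10:01:33 shop su[2205]: Successful su for root by alice
Mar  3 10:05:02 shop sshd[2310]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:05:05 shop sshd[2310]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:05:09 shop sshd[2312]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:06:41 shop sshd[2320]: Failed password for bob from 198.51.100.4 port 40100 ssh2
Mar  3 10:07:44 shop sshd[2330]: Accepted publickey for bob from 198.51.100.4 port 40112 ssh2
Mar  3 10:09:10 shop su[2350]: FAILED SU (to root) www-data on pts/1
EOF

# failed_su FILE: one "user tty" line per failed su attempt
failed_su() {
    awk '/FAILED SU/ { print $10, $12 }' "$1"
}

# failed_su_count FILE: number of failed su attempts (prints 0 if none)
failed_su_count() {
    grep -c 'FAILED SU' "$1" || true
}

# became_root FILE: users who successfully became root via su
became_root() {
    awk '/Successful su for root by/ { print $NF }' "$1"
}

# noisy_hosts FILE THRESHOLD: "host count" for hosts with >= THRESHOLD failed logins
noisy_hosts() {
    awk -v t="$2" '
        /Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") n[$(i+1)]++
        }
        END { for (h in n) if (n[h] >= t) print h, n[h] }' "$1"
}

# audit FILE: the report an operator (or a nightly cron job) would read
audit() {
    echo "== failed su attempts ($(failed_su_count "$1")) =="; failed_su "$1"
    echo "== users who became root =="; became_root "$1"
    echo "== hosts with 3+ failed logins =="; noisy_hosts "$1" 3
}

audit "$LOG"
```

Run from cron for periodic auditing, or feed it a rotating log for something closer to real time; either way the script is only as trustworthy as the log it reads, which is the reason for the remote logging discussed next.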
In particular, log files are vulnerable to attack. If an intruder has root or administrator access to your system, she is free to alter log files to cover her tracks. Unix provides facilities to log events to a separate machine. This would mean that a cracker would need to compromise at least two machines to cover her tracks. Similar functionality is possible in Windows, but not as easy as in Unix.
Your system administrator might do regular audits, but you might like to have an external audit periodically to check the behavior of administrators.
Firewalls are designed to separate your network from the wider world. In the same way that firewalls in a building or a car stop fire from spreading into other compartments, network firewalls stop chaos from spreading into your network.
A firewall is designed to protect machines on your network from outside attack. It filters and denies traffic that does not meet its rules. It also restricts the activities of people and machines outside the firewall.
Sometimes, a firewall is also used to restrict the activities of those within it. A firewall can restrict the network protocols people can use, restrict the hosts they can connect to, or force them to use a proxy server to keep bandwidth costs down.
A firewall can either be a hardware device, such as a router with filtering rules, or a software program running on a machine. In any case, the firewall needs interfaces to two networks and a set of rules. It monitors all traffic attempting to pass from one network to the other. If the traffic meets the rules, it is routed across to the other network; otherwise, it is stopped or rejected.
Packets can be filtered by their type, source address, destination address, or port information. Some packets are merely discarded; other events can be set to trigger log entries
You cannot overestimate the importance of backups in any disaster recovery plan. Hardware and buildings can be insured and replaced, or sites hosted elsewhere, but if your custom-developed web software is gone, no insurance company can replace it
You need to back up all the components of your website—static pages, scripts, and databases—on a regular basis. Just how often you back up depends on how dynamic your site is. If it is all static, you can get away with backing it up when it has changed. However, the kinds of sites we talk about in this book are likely to change frequently, particularly if you are taking orders online.
Most sites of a reasonable size need to be hosted on a server with RAID, which can support mirroring. This covers situations in which you might have a hard disk failure. Consider, however, what might happen in situations in which something happens to the entire array, machine, or building.
You should run separate backups at a frequency corresponding to your update volume. These backups should be stored on separate media and preferably in a safe, separate location, in case of fire, theft, or natural disasters.
Many resources are available for backup and recovery. We concentrate on how you can back up a site built with PHP and a MySQL database.
Backing Up General Files
You can back up your HTML, PHP, images, and other nondatabase files fairly simply on most systems by using backup software.
The most widely used of the freely available utilities is AMANDA, the Advanced Maryland Automated Network Disk Archiver, developed by the University of Maryland. It ships with many Unix distributions and can also be used to back up Windows machines via SAMBA. You can read more about AMANDA at
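For a small site that does not need AMANDA, a scripted backup of the nondatabase files, added here as an example that is neither from the book nor from the AMANDA project: it archives the web root, records a SHA-256 digest so that corruption of the copy on the separate media can be detected later, and performs a test restore, since a backup that has never been restored is unverified. SITE and BACKUPS are constructed scratch directories standing in for the web root and the separate backup media; the database is not included here and is handled as described in Chapter 12.

```shell
#!/bin/sh
# Added example (not from the book): archive a site's static files and scripts,
# record a digest, and verify the archive by digest and by a test restore.
set -eu

SITE="${SITE:-$(mktemp -d)}"        # constructed stand-in for the web root
BACKUPS="${BACKUPS:-$(mktemp -d)}"  # stand-in for the separate backup media

# Seed the constructed site with a couple of files.
mkdir -p "$SITE/htdocs" "$SITE/scripts"
printf '<html>hello</html>\n' > "$SITE/htdocs/index.html"
printf '<?php echo "order";\n' > "$SITE/scripts/order.php"

# digest FILE: SHA-256 of FILE as a hex string
digest() {
    openssl dgst -sha256 "$1" | awk '{ print $NF }'
}

# backup_site SRC DEST: archive SRC into DEST/site-<utc stamp>.tar.gz plus a
# .sha256 file, and print the archive path. Two runs within one second would
# reuse the stamp; a nightly job does not hit that.
backup_site() {
    src="$1"; dest="$2"
    archive="$dest/site-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    tar -czf "$archive" -C "$src" .
    digest "$archive" > "$archive.sha256"
    echo "$archive"
}

# verify_backup ARCHIVE: 0 if the recorded digest still matches and the
# archive can be listed; anything else means do not trust this copy.
verify_backup() {
    archive="$1"
    [ "$(cat "$archive.sha256")" = "$(digest "$archive")" ] || return 1
    tar -tzf "$archive" > /dev/null
}

# restore_backup ARCHIVE DIR: unpack ARCHIVE into DIR (a scratch directory
# for test restores; never straight over the live site)
restore_backup() {
    mkdir -p "$2"
    tar -xzf "$1" -C "$2"
}

ARCHIVE=$(backup_site "$SITE" "$BACKUPS")
verify_backup "$ARCHIVE" && echo "backup verified: $ARCHIVE"
```

Copy both the archive and its .sha256 file to the off-site media, and run verify_backup against that copy (not the original) before counting the backup as done.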
Backing Up and Restoring Your MySQL Database
Backing up a live database is more complicated than backing up general files. You need to avoid copying any table data while the database is in the middle of being changed. Instructions on how to back up and restore a MySQL database can be found in Chapter 12, “Advanced MySQL Administration.”
The security threats we have considered so far relate to intangibles such as software, but you should not neglect the physical security of your system. You need air conditioning and protection against fire, people (both the clumsy and the criminal), power failure, and
Your system should be locked up securely. Depending on the scale of your operation, your approach could be a room, a cage, or a cupboard. Personnel who do not need access to this machine room should not have it. Unauthorized people might deliberately or accidentally unplug cables or attempt to bypass security mechanisms using a bootable
Water sprinklers can do as much damage to electronics as a fire. In the past, halon fire suppression systems were used to avoid this problem. The production of halon is now banned under the Montreal Protocol on Substances That Deplete the Ozone Layer, so new fire suppression systems must use other, less harmful, alternatives such as argon or carbon dioxide. You can read more about this issue at
Occasional brief power failures are a fact of life in most places. In locations with harsh weather and above-ground wires, long failures occur regularly. If the continuous operation of your systems is important to you, you should invest in an uninterruptible power supply (UPS). A UPS that can power a single machine for 10 minutes costs less than $300 (U.S.). Allowing for longer failures, or more equipment, can become expensive.
Long power failures really require a generator to run air conditioning as well as
Like power failures, network outages of minutes or hours are out of your control and bound to occur occasionally. If your network is vital, it makes sense to have connections to more than one Internet service provider. Having two connections costs more but should mean that, in case of failure, you have reduced capacity rather than becoming
These sorts of issues are some of the reasons you might like to consider co-locating your machines at a dedicated facility. Although one medium-sized business might not be able to justify a UPS that will run for more than a few minutes, multiple redundant network connections, and fire suppression systems, a quality facility housing the machines of a hundred similar businesses can.
In Chapter 16, we look specifically at authentication—allowing users to prove their identity. We look at a few different methods, including using PHP and MySQL to authenticate site visitors.