July 2020 | 19

an easy path for malicious users to abuse. It is advised to always disable all unnecessary network services; this reduces the attack surface and also speeds up the server.

II. Securing Remote Access: Server administrators should never connect to corporate servers over public wireless networks or from public devices. If connecting using remote access, it is important to secure the connection using tunneling and encryption protocols (a VPN or SSH). The use of security tokens and single sign-on is good practice to shield the web servers. Remote access to servers should be restricted to a few named accounts and a few source IP addresses.

III. Isolated Testing of Web Applications: Web application developers need to build specific internal applications that give access to the web application, databases and other web server resources only to the developers. After a web application is developed, the company should ensure that it is not tested on the production server. While the application is still at an early stage, testing it on the production server exposes it to attackers and gives them easy access. It is ideal to develop and test web applications offline, on an isolated staging environment.

IV. Maintaining a Separate Drive: Website files and scripts should be stored on a drive (or filesystem) separate from the operating system. Once hackers get access to the web root directory, they can cause data breaches and exploit other vulnerabilities, corrupting the operating system and other system files; keeping the site on its own volume limits what a compromise of the web root can reach.

V. Permissions & Privileges: If a cybercriminal gains access to the web service engine, they can execute certain files, so the web server software should run with the minimum privileges it needs: a dedicated unprivileged account, read-only access to the site files, and write access only to the directories that genuinely need it.

Website Hardening & Additional Security: Website hardening, applied as defense in depth, means adding independent layers of security so that the site remains protected even if one control fails. The following points should be kept in mind for website hardening:

i. Allow public access to only the public areas of the application; this can be enforced with a web application firewall or a reverse proxy that forwards only the public paths to the application.

ii. Use input validation techniques to specify what kind of data you expect from the user, and reject anything that does not match.

iii. Use multi-factor authentication.

iv. Reverse Proxy: The proxy server acts as a middleman: it receives requests from web users and forwards them to the origin server, so the client never interacts with the origin directly. Sitting in front of the origin, it hides the origin's address and software identity, can block access to certain content, and can balance incoming traffic across several origin servers so that no single server is overwhelmed and crashes.

1. Selecting the Best Payment Gateway & Service Provider: Using an integrated payment gateway requires a merchant account, a bank account that allows the e-tailer to receive credit card payments directly. Apart from this, it is important to select a payment service provider (PSP) that has a reputed name, does not have outage problems and can offer the package that suits the e-tailer's requirements, such as hosting secure pages on the PSP's server or even providing IMAs.

2. Custom Encryption: e-Commerce businesses should protect their stored data with a feature such as SQL Transparent Data Encryption (TDE), which encrypts the database files and backups at rest so that an attacker who copies them cannot read them without the key. Note that TDE does not stop an attacker who obtains valid database credentials or exploits the application itself, because the database decrypts data transparently for any authorised query; it must be combined with access control and input validation. Superficial "one click" encryption solutions do not by themselves secure the data.

3. Vulnerability Assessment & Penetration Testing: An e-Commerce website has several critical functions, such as order management, coupon & reward management, payment gateway integration and content management. These functions are distinctive in nature, and each of them should undergo regular security checks to detect anomalies and prevent attacks.

Establishing trust over the internet is a tough job, especially for e-Commerce businesses. Even a minor cyberattack may discourage customers from conducting transactions on the site for good. Therefore, it is imperative for e-Commerce businesses to look at cybersecurity as a long-term business investment instead of as an additional cost. After all, customer satisfaction is what matters the most at the end of the day!
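As an added illustration of sections II and IV above (this is example configuration written for this page, not material from the article), the following shows a weak and a hardened sshd_config fragment that restricts administrative SSH to one named account from one management network, followed by an fstab entry that places the site files on their own filesystem. The account name webadmin, the management network 203.0.113.0/24 (an RFC 5737 documentation range) and the device /dev/sdb1 are assumptions.

```text
## Weak: any account may try passwords from anywhere, including root
PermitRootLogin yes
PasswordAuthentication yes

## Hardened (put in /etc/ssh/sshd_config, or in a file under
## /etc/ssh/sshd_config.d/ where the stock config includes that directory)
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
LoginGraceTime 20
# Only this account, and only from the management network (section II)
AllowUsers webadmin@203.0.113.0/24

## /etc/fstab: site files on their own filesystem (section IV), mounted so
## that device nodes, setuid binaries and direct execution are refused there
/dev/sdb1  /srv/www  ext4  defaults,nodev,nosuid,noexec  0  2
```

After changing sshd_config, validate it with `sshd -t` and keep an existing session open while testing a fresh login, so a typo in AllowUsers cannot lock you out. The noexec option blocks binaries dropped into the web root from being run directly; scripts fed to an interpreter such as php-fpm are not blocked by it, which is why section V's file permissions (site files owned by root, readable by the web server account, with only upload directories writable) still matter.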
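The reverse proxy of point iv, also enforcing point i, as an added nginx configuration example (not the article's own material). The public hostname shop.example.com, the two origin application servers on the private network 10.0.0.0/24 and the certificate paths are assumptions for the example.

```nginx
# One request bucket per client address; used to blunt floods and brute force
limit_req_zone $binary_remote_addr zone=per_client:10m rate=10r/s;

upstream origin {
    # Only the proxy talks to these; their addresses never appear in DNS
    # or in responses, and traffic is shared between the two servers.
    server 10.0.0.11:8080;
    server 10.0.0.12:8080;
}

server {
    listen 80;
    server_name shop.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name shop.example.com;
    ssl_certificate     /etc/ssl/certs/shop.example.com.pem;
    ssl_certificate_key /etc/ssl/private/shop.example.com.key;

    server_tokens off;                    # no nginx version in headers or error pages
    proxy_hide_header X-Powered-By;       # strip the origin's framework fingerprint
    proxy_set_header Host              $host;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    limit_req zone=per_client burst=20 nodelay;
    client_max_body_size 1m;

    # Public areas of the shop: the only paths forwarded to the origin (point i)
    location = / { proxy_pass http://origin; }
    location ~ ^/(products|cart|checkout|static)(/|$) { proxy_pass http://origin; }

    # Administrative UI: reachable only from the internal network
    location /admin/ {
        allow 10.0.0.0/24;
        deny  all;
        proxy_pass http://origin;
    }

    # Everything else is answered by the proxy and never reaches the origin
    location / { return 404; }
}
```

The origin servers should additionally be firewalled so that port 8080 accepts connections only from the proxy; otherwise an attacker who learns their addresses can bypass every rule above by connecting to them directly.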
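Point ii (specify what kind of data you expect) is shown below as an added Python example, not code from the article: an allow-list validator for a checkout request, followed by the same coupon lookup written first with string formatting and then with a bound parameter. The field names, limits and the in-memory coupon table are constructed for the example.

```python
import re
import sqlite3

# Positive specification of every field the checkout endpoint accepts.
# These names and limits are assumptions for the example, not the article's.
ALLOWED_FIELDS = {"product_id", "quantity", "coupon", "email"}
OPTIONAL_FIELDS = {"coupon"}
MAX_QUANTITY = 50
COUPON_RE = re.compile(r"[A-Z0-9]{4,12}")
EMAIL_RE = re.compile(r"[^@\s]{1,64}@[^@\s]{1,255}")


class ValidationError(ValueError):
    """Raised when a request field does not match its specification."""


def _is_int(value) -> bool:
    # bool is a subclass of int in Python; True must not pass as 1.
    return isinstance(value, int) and not isinstance(value, bool)


def validate_order(payload: dict) -> dict:
    """Return a cleaned copy of a checkout request or raise ValidationError.

    Each field is checked against what we expect (type, range, pattern);
    no attempt is made to "clean up" bad input, it is simply refused.
    Numbers must already be numbers (the JSON layer parses them); a string
    such as "1 OR 1=1" is rejected rather than coerced."""
    unknown = set(payload) - ALLOWED_FIELDS
    if unknown:
        raise ValidationError(f"unexpected fields: {sorted(unknown)}")
    missing = ALLOWED_FIELDS - OPTIONAL_FIELDS - set(payload)
    if missing:
        raise ValidationError(f"missing fields: {sorted(missing)}")

    pid = payload["product_id"]
    if not (_is_int(pid) and pid > 0):
        raise ValidationError("product_id must be a positive integer")

    qty = payload["quantity"]
    if not (_is_int(qty) and 1 <= qty <= MAX_QUANTITY):
        raise ValidationError(f"quantity must be between 1 and {MAX_QUANTITY}")

    coupon = payload.get("coupon")
    if coupon is not None and not (
        isinstance(coupon, str) and COUPON_RE.fullmatch(coupon)
    ):
        raise ValidationError("coupon must be 4-12 uppercase letters or digits")

    email = payload["email"]
    if not (isinstance(email, str) and EMAIL_RE.fullmatch(email)):
        raise ValidationError("email is malformed")

    return {"product_id": pid, "quantity": qty, "coupon": coupon, "email": email}


def is_valid_order(payload: dict) -> bool:
    """Convenience wrapper: True if validate_order accepts the payload."""
    try:
        validate_order(payload)
        return True
    except ValidationError:
        return False


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory coupon table used only for this demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE coupons (code TEXT PRIMARY KEY, percent_off INTEGER)")
    conn.executemany("INSERT INTO coupons VALUES (?, ?)",
                     [("SUMMER10", 10), ("VIP25", 25)])
    return conn


def coupon_discounts_unsafe(conn, code: str) -> list:
    """The weak form: the user's string becomes part of the SQL statement."""
    rows = conn.execute(
        f"SELECT percent_off FROM coupons WHERE code = '{code}'").fetchall()
    return sorted(r[0] for r in rows)


def coupon_discounts_safe(conn, code: str) -> list:
    """The hardened form: a bound parameter can only ever be a value."""
    rows = conn.execute(
        "SELECT percent_off FROM coupons WHERE code = ?", (code,)).fetchall()
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    injected = "' OR '1'='1"
    print(is_valid_order({"product_id": 1, "quantity": 2, "coupon": injected,
                          "email": "a@example.com"}))   # False: refused at the edge
    conn = demo_db()
    print(coupon_discounts_unsafe(conn, injected))     # [10, 25]: every coupon leaks
    print(coupon_discounts_safe(conn, injected))       # []: treated as a literal code
```

The two checks are complementary: the validator stops the injected string before it reaches any back end, and the parameterised query makes sure that even a field the validator was never taught about cannot change the meaning of the SQL.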