How to Secure Server Data to Improve the Reliability of eCommerce Sites
October 13, 2014
You all know how Important are credit card numbers or debit card numbers saved into the servers, If anyone else get it, it takes just number of minutes to drain your bank account. Isn’t it? These days are the days where you will find an immense competition among eCommerce sites as all derives their selections for online shopping.
Now in this competition how can you give the best assurance to your customer that their data is safe? Because by no means you can be too cautious, but a way to make your eCommerce site on top is to give a big assurance to your users that the sensitive details provided by them are 100% safe to you. How can you nail that? Well, that can be possible by securing your server.
First Step towards securing server is to make a choice of the right service provider:
When you are opting service providers some things remain unchanged for all are: Hosting, VPS or server
Don’t get into the super cheap or free offers:
Well from my point of view, this rule applies in any of purchasing, but for a while I will discuss by taking the server only in consideration. I have two causes why you should avoid it.
1. Cheaper means lots of Hosts resulting your application on an overpopulated server, which have too much traffic on it. 2. Cheaper VPS (Virtual Private Server): with this also same situation will arise as you will share the machine with too many users.
In both above selections, the user will face bad experience as well your application will be more susceptible to attacks. One more chance is that when you are opting a cheaper route there are more chances to DDoS (Distributed Denial of Service) which is an attack on the server or a network resource that turns your server or network unavailable to users for a while, this may extract the sensitive data.
Check the Security, before you purchase server.
When you will go to purchase a host server, you must check the details about the security that they have provided. If you find that the listed information is too short, it’s better to contact them directly and ask them how they are going to secure your sensitive data and application.
There should be some information that they kept confidential, for an instance, they may not provide you information regarding to the firewall, and that they are using to secure your data. That is a good thing that they are not telling you such information. But if they are providing it, that means they will provide this confidential information to the attackers also!!! Don’t go with such a server provider. This is a trick to know at which intent, it is secured for you.
Here are some more questions that you can consider while purchasing a server:
How many other people will have an access to the same server?
What if the disks are replaced, where they go?
Can anyone have a tape backup of my data?
Who can access my data, if it is so?
If the disk is getting broken, you should request them for the broken one.
You will think what funny talks I am telling!! Is that so? Huh, ponder on this why I am saying this. I am serious about this. If your hard drives fail, make sure you request your provider to send it to you, some will provide you it free of charge or some may take a charge for that. You should not mind about charges that they ask because your users or clients’ data would be on that broken disk that may leak somewhere if you do not take that broken drive back. You will realize that it’s worth to have it by knowing this I guess.
If you don’t want it, turn it off.
Best and easiest way to secure your server is: “If you don’t want it, turn it off”, if you want to significantly increase the security of your database server then, make sure that the access of your server is limited to one machine only in LAN. This is only possible if your servers are under one hosting center. But, what if not? The solutions for this is calling provider and ask them to turn it off. This is possible, In the case of you have one or two web based admin panels.
And either of these options don’t go with you then, never try to turn it off by messing up the network interfaces. If you will do so then, they may will get the wrong message that your machine does not have an internet access and they will try to solve it.
Keep updating your OS may benefit you
Operating System also may be a reason to exploit and defect your server. So keep your OS up to date by updating it on the regular basis. Secondly, you should keep checking that your OS is not running out of date. If your OS will be expired and you don’t know about the expiration, then there are chances that your OS gets replaced with something totally new that is unwanted from your side. You can prevent this situation by selecting LTS (long term support) version of an OS.
Why to use unnecessary services? Disable it.
You have no surety of any of the services that is running on your machine are secure, the better way is to disable services which are unwanted to decrease the risk of failing any of services and exposing you to attack. So it’s better to disable what you don’t want. You can find many tools that are available to achieve this task.
sysv-rc-conf : Debian manual stanza : Ubuntu msconfig : Windows
Block the Ports to Block the Attacks:
This state is similar to the last issue. In almost all cases you should deny access on all ports like for HTTP traffic : port 80, for HTTPS : port 443, for SSH : port 22. If you do so, that will make sure that even if you install some faulty software, it will not be broken by any attacker and will fail itself will cause more problem. So it’s better to check before you installing any software to your machine. If you have multiple HTTP servers running on different ports to prevent it, you can use nginx, Varnish or Apache to proxy traffic from port 80 to the other port which is appropriate for all other servers.
Create obstacles by changing the password
This is recommended to everyone who holds sensitive data, but many people forget to do it or be liberal for changing the password, but it is necessary. For an instant, if someone completely hacks into a system, but they are not causing any distortion over your machine and just stay back and silently download all the data or waiting to get a right opportunity to smack.
The best way to prevent such a distortion is to frequently change the password because it makes his work more hard. And if your server is used by other users, then make them aware of this and force them also to change the password frequently. It is better to make user’s password expire in 14 days, so that will remind you to change the password.
Don’t allow anyone to access Root.
Yes, you should not allow anyone from logging into the Root using SSH, this is one of the major threat as if anyone cracks password of your root directory using brute force attack which tries username and passwords, over and over again, until it gets in. Once it will get your game will be over.
How to deal with this? With Linux do the following:
If you don’t have user then create a user using :
1. useradd command 2. If you don’t have sudo, then install it using apt-get install sudo now enable for the user which you have created using adduser sudo. If you already have sudo type sudo-V 3. Now edit /etc/ssh/sshd_config file. 4. Now find below the line #PermitRootLogin yes Change it to #PermitRootLogin no 5. Restart the SSH /etc/init.d/sshd restart
In the Windows administrator account is already disable but it’s better to check once to sure it.
Should use Antivirus
When matter is about using antivirus in Linux then yes, there are many who will say I am using Linux so I don’t need to have an antivirus. But that is not so right, Linux also can face the malicious software. Yes, that is correct that windows have greater chances than Linux, but you can’t say that Linux is 100% secure. You should use antivirus for Linux also to prevent virus to your machine.
I know there are certain problems like if you allow users to upload anything on your server and on the server side if you are developing something and you are testing it on your server, you may get the report of virus if your antivirus is on at that time. In this case if you will go to analyze the problem you won’t figure out the problem. What you need to prevent such an unwanted issues and increase the performance of the system using antivirus, Exclude such directories from scanning.