What gadgets are on your wish-list this year? Doing some or all of your shopping online to take advantage of great deals or save time? You’re not alone, and according to some estimates more than 60% of people in the U.S. now shop online. As online shopping continues to grow each holiday season so do the network security threats that businesses need to guard against (and consumers need to worry about). Attacks against websites and online ordering systems are growing in sophistication and complexity. The reported incidents should serve as a warning to all businesses to review the systems that protect their websites to make sure they’re up to date, and up to the challenge that the increased holiday shopping creates.
Most businesses these days recognize the value in using web proxies to protect their users and to scan and control web content. These tools and procedures protect users from malware, SPAM, and other types of threats, and protect business owners from financial loss which could result in liability issues relating to stolen data or inappropriate content. Business owners understand that investing in web security tools is necessary to protect both their users and their businesses from the many threats on the web today.
As an integral part of the business Web servers deserve at least the same level of protection due to the sensitive information they often hold such as credit card numbers and customer data. Protecting valuable resources like web servers is often done through a combination of location (a secure DMZ), firewall rules and IPS scanning. These tools help guard against some attacks, but may not be sufficient protection against sophisticated attacks such as SQL injections, cross site scripting, and may not protect a site from malware and viruses.
These types of attacks are increasingly seen in the news, and it’s not only small companies with overworked technical staff that are affected. High profile attacks on companies such as AT&T, and Heartland payment systems show that all types and sizes of businesses are vulnerable, and the results can range from bad publicity (which can scare away potential customers) to loss of market share and lawsuits. Nothing spoils the holiday season like finding out that your credit card number was used to buy someone else’s nice gifts. While there is never a good time to suffer a web server breach, the holiday shopping season is a particularly bad time as this is when most consumer shopping is done. You don’t want people to be wary about shopping on your website because of a past breach.
Properly defending a web or application server is best done by using an actual Web Application Firewall which can act as an inbound proxy, and which prevents clients from directly connecting to your web servers. This separation not only provides protection, but can also provide application load balancing and SSL offloading. Common security tools such as malware scanning can be augmented with advanced protections such as URL hardening and cookie signing, and these tools can help protect even an improperly configured web server against attacks.
Online commerce is serious business and so it requires serious protection. Until recently these tools were available only to larger organizations which had the technical knowhow and financial resources to implement them correctly. New offerings from many UTM providers (such as Astaro) are making these invaluable tools available to businesses of all sizes.
So as the holiday shopping season begins don’t let your web server fall victim to an attack or you may find your online revenue shrinking when it should be growing.
The original article/video can be found at Don’t let a web server attack ruin your holiday spirit – or your online revenue