Thursday, December 6, 2007

Can Consumers’ Infected Systems Harm you?

A buyer at your website can infect your system…

Who knows what evil lurks in the heart of computers? If you have an e-commerce server, your system could be infected by malware from a consumer’s machine. Hackers can plant what’s called a bot on a machine, and the bot activates when the computer begins an SSL connection. Once the bot is running, it is able to hijack the session or conduct a “man in the middle” attack, which would mean the hacker could execute remote code on the server.

The results can vary, from instigating denial-of-service attacks to stealing passwords. The solution is simple, however: when you want to protect sensitive data such as employee records or bank account information, build a tiered architecture. That way, even if a hacker has access to a Web server, safeguards prevent it from communicating with the next machine in the hierarchy. You can solve most of those problems with perimeter controls.
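One way to check that a set of allow rules really enforces the tiering described above, as an added example that is not part of the original post. The tier names, ports and both rule sets are constructed assumptions; the audit flags any rule that lets a tier connect past the tier directly below it.

```python
from collections import deque

# Constructed sample policies: (source tier, destination tier, port) allow rules.
# Tier names and ports are assumptions for illustration, not from the original post.
ORDER = ["internet", "web", "app", "db"]  # outermost tier first
FLAT = [
    ("internet", "web", 443),
    ("web", "app", 8443),
    ("web", "db", 5432),   # weak: the Web server talks straight to the data tier
    ("app", "db", 5432),
]
TIERED = [
    ("internet", "web", 443),
    ("web", "app", 8443),  # the Web server may reach only the next tier, on one port
    ("app", "db", 5432),
]

def direct_targets(rules, src):
    """Tiers that `src` is allowed to connect to, mapped to the permitted ports."""
    out = {}
    for s, d, port in rules:
        if s == src:
            out.setdefault(d, set()).add(port)
    return out

def hops_to(rules, src, dst):
    """Fewest allowed connections needed to get from src to dst, or None."""
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == dst:
            return dist
        for nxt in direct_targets(rules, node):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None

def skip_tier_rules(rules, order):
    """Allow rules that connect anything other than a tier to the tier just below it."""
    rank = {tier: i for i, tier in enumerate(order)}
    return [r for r in rules if rank[r[1]] - rank[r[0]] != 1]

if __name__ == "__main__":
    for name, rules in (("flat", FLAT), ("tiered", TIERED)):
        print(name, "web->db connections:", hops_to(rules, "web", "db"),
              "violations:", skip_tier_rules(rules, ORDER))
```

In the flat policy the data tier is one connection away from the Web server; in the tiered policy the application tier always sits in between, and the audit returns no violations.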

