Saturday, February 18, 2012

The answer to securing online business

To be honest, the only way to prevent world wide hackers from affecting business websites is to create a separate, meant for business, network.

In this separate network, each public address, which is where your e-commerce runs, should be tied to your company (and thus, each address is accounted for).

You can have a separate site for the public. But not your e-commerce communications, not your information and intellectual property. You only keep sales, marketing, and contact information - things you would hand out at a business convention freely.

Once you have a "business only" network, you penalize espionage, attacks, and dos attacks. There has to be a central entity that patrols traffic and can penalize offenders. You enforce the business's anti-virus, firewall, security infrastructure, as requirements to connect. You penalize harshly people who take them lightly, and who give access to attackers - including setting up an amount of money paid to victims of security breaches originating from your area of responsibility. Penalties would escalate exponentially to discourage repeat offenders.

Legally, in order to guarantee everyone conforms, you need to setup one per country - this makes it so everyone in that network operates in the same legal framework. This means you have to separate your business into country networks, like you are legally required to do for doing normal business.

You can have a separate "UN nations business network" or "worldwide business network", but it will have more lax and flexible standards. There is no way to guarantee country to country networks with strict rules - responsibility does not work well, legally, that way, nor do governments agree, nor can they share the same policies.

It is the same case for government owned networks. Where you traverse government or citizen's information, must be separate, and government controlled.

Let's define separate. Separate communication companies - even better if wholly owned. Separate fibers than anyone else, even if they go under the sea. Ownership of the pathways. You cannot trust cryptology in an open network. At least try to make it a private channel - then definitely encrypt it.

Do not trust shared equipments - they have to be separate and secured. Whoever owns the pathways must have stringent policies of hiring/recruiting/physical security, and must be financially responsible for breaches.

If you are going to build it, make it resilient and multi-point redundant. Assume you will be attacked from a "no-resources spared" legion of attackers. Design it so it can handle it :)

No comments:

Post a Comment