Thread: E-commerce Server Security
I am setting up an ecommerce site for my business and want to house the server in my office instead of using a hosting service. I want to keep costs down and I hear Linux/Unix is the best security match up for Apache.
What sort of security do I need for my ecommerce site?
Do I need a proxy, or can I use a normal router?
Will the Certificates be enough to protect the site? (eg. Verisign, hackersafe)
What is the most secure Linux Distro?
I was thinking of doing the site in PHP/MySQL or C Sharp. I want to make use of forums and blogs within the site as well so I am leaning more towards PHP but I heard it is also easier to hack.
Any feedback is appreciated.
PHP is better than C#.
C# is really unuseful. It's an MS language.
I don't think you can run that on Linux.
Anyhow, well, Linux is secure as it is.
You might want to use Debian. And if you really need a GUI, install kdrive + OpenBox.
Well, If you want this box to be secure you have to do the following things:
- Install iptables and make clever rules
- Install HIDS and Monitor it
- Install rkhunter as Cron
- Install NIDS if more people use the same network
- Use OpenSSL.
- Log all the traffic, going in and out, and scan every now and then.
- Backup the MySQL everyday
- Update everyday.
If you code well in PHP you filter out MySQL injections and XSS.
Don't add stuff on the page where the user can send stuff to the server that isn't needed (e.g. a guestbook).
Deform the password and username before passing them to MySQL so as to affect MySQL exploits.
Listen to/read the Security Now bit about XSS and MySQL injections (you have to Google for Security Now).
The security system they offer (as it is their sponsor) is not needed. Don't order it.
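One way to handle the MySQL injection and XSS filtering mentioned in the reply above, as an added example that is not part of the original thread: bind user input as query parameters, store only password hashes, and encode user text on output. The table, column and function names are hypothetical, and an in-memory SQLite database (via the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not code from the thread. Names are hypothetical and the
// sample data is constructed. SQLite in memory stands in for MySQL; with
// MySQL only the DSN and credentials passed to PDO change.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

function register(PDO $db, string $name, string $password): void
{
    // Store a salted, slow hash, never the password itself.
    $stmt = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :hash)');
    $stmt->execute([
        ':name' => $name,
        ':hash' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

function login(PDO $db, string $name, string $password): bool
{
    // $name is bound as data, so quotes inside it cannot alter the query.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();          // false when no such user exists
    return is_string($hash) && password_verify($password, $hash);
}

function render_comment(string $author, string $text): string
{
    // Encode on output so user-supplied markup is displayed, not executed.
    $e = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p><b>' . $e($author) . '</b>: ' . $e($text) . '</p>';
}

register($db, 'alice', 'correct horse battery staple');

// Valid credentials, then two constructed hostile inputs against the same code.
var_dump(login($db, 'alice', 'correct horse battery staple'));
var_dump(login($db, "alice' OR '1'='1", 'x'));
var_dump(login($db, 'alice', "' OR ''='"));

// A forum or blog comment containing markup is rendered as inert text.
echo render_comment('mallory', '<script>alert(1)</script>'), "\n";
```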
C# is a fully standardised language, and was so before Java (I don't even know if Java is yet). Just because it was created by Microsoft doesn't mean it's bad - it was designed to run on the .net platform.
And yes, you can run this language on Linux. Take a look at the Mono project C# compiler pages, here.
C# and .NET/Mono is one of the most interesting developments in computing over the last 20 years - suddenly the kings of 'embrace and extend', i.e. Microsoft, have given away the chance to 'embrace and extend' their own language and platform. It's possible now to ship the same .net executables for use on both Windows and Linux (with limitations, of course).
P.S. I know next to nothing about the ecommerce security, and I know nothing of whether C# is better or worse than PHP for these kinds of applications.

Linux user #126863 - see http://linuxcounter.net/
If you are really paranoid about security (and I would be for ecommerce), familiarize yourself with tools like AIDE or Tripwire, and get to know Nessus. These can all be found through Google. Nessus will help you find holes before others do, and AIDE and Tripwire (don't use them together) will help let you know if others have found holes.
As far as OS, I would say if you have one you are already familiar with, use that. The same tools work on all flavors, so you don't want to have to learn a new distro on top of all of this.
And to take it a step further, if you have 2 machines you can use, you could use something like pound, or pen, or haproxy, and reverse proxy your traffic to your machine; this way your machine isn't directly connected to the net.