Comodo HackerProof for PCI Compliance

Hacking of shopping-cart websites has been on the rise over the last decade. As a Linux systems administrator, I have repeatedly had customers come to me with cart code riddled with malicious code snippets. How did the attackers get in? Through FTP credentials stolen by keylogger trojans, insecure folder and file permissions, failure to rotate passwords regularly, and failure to restrict employees' use of the internet while at work.

  1. Keep your antivirus software up to date and running! If you run a Windows network, ask your antivirus vendor about enterprise versions that automatically centralize update tasks across all PCs. Your security suite should include an advanced, configurable firewall that notifies you whenever ANY program tries to make an outbound connection. If you are unsure what to do, consult a local computer guru: the information in the connection request will tell you the destination domain or IP address, and your guru can tell you where it is going and why.
  2. Insist that your host limit FTP connections to FTP over SSL (implicit or explicit) v3 or TLS v1.1 and deny plain-text logins on insecure port 21.
  3. Plesk and cPanel both assign a group name to the Apache web server; IIS uses MMC user-rights management. If software documentation tells you to change the permissions on a file or folder to 777, ignore that suggestion! Linux permissions are split into USER, GROUP and WORLD. The typical images folder should be 6775: the owner is your FTP user and the group is either nobody (cPanel) or, I believe, psaserv (Plesk's Apache group). The leading 6 turns on the special bits for the UID (user ID) and GID (group ID), 77 gives user and group write permission on the folder, and 5 allows WORLD to execute files within it. Files should be 6664: read/write for USER and GROUP but only 5 (execute) for world. Your host should help you accomplish this.
  4. Your passwords are like safe combinations. It is never wise to keep using the same password for years and years. Rotate them every six months and include some capital letters and numbers. NEVER use common names in a password, either: a password such as pasadena001 would not take any decent hacker much time to break.
  5. Employees who have free rein over the company internet connection will cost you your business when a data breach occurs: they may have visited a vulnerable website and infected the company computer(s).
  6. Use secure encryption methods on your wireless router and turn OFF SSID broadcast, a setting found on the first pages of most router setup interfaces.
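Point 3 is easier to enforce if you can audit for it. The script below is an added example (not code from the original post): it finds every world-writable file or folder under a web root, the 777-style setting the post tells you to refuse, and prints each mode split into the special/user/group/world digits the post describes. It assumes GNU coreutils (`stat -c`) and a POSIX `find`; the sample web root it builds is constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the original post. Audits a web root for the
# world-writable (777-style) permissions the post warns against and shows how
# an octal mode splits into the special/user/group/world digits it describes.
# Assumes GNU coreutils (stat -c) and a POSIX find.

# List every file or directory under $1 whose world-write bit is set.
find_world_writable() {
    find "$1" ! -type l -perm -002 2>/dev/null | sort
}

# Count world-writable entries under $1; 0 means the tree passes the check.
count_world_writable() {
    find_world_writable "$1" | wc -l | tr -d ' '
}

# Print the mode of $1 as the four octal digits the post refers to:
# special (setuid/setgid/sticky), then the user, group and world rwx bits.
describe_mode() {
    mode=$(stat -c '%a' "$1")
    [ ${#mode} -eq 3 ] && mode="0$mode"
    printf 'special=%s user=%s group=%s world=%s\n' \
        "$(printf '%s' "$mode" | cut -c1)" "$(printf '%s' "$mode" | cut -c2)" \
        "$(printf '%s' "$mode" | cut -c3)" "$(printf '%s' "$mode" | cut -c4)"
}

# Constructed sample web root: one folder and one file left at the 777/666
# modes a careless install guide might suggest, next to correctly locked ones.
build_sample_tree() {
    root=$(mktemp -d)
    mkdir "$root/images" "$root/uploads"
    touch "$root/index.php" "$root/uploads/config.php"
    chmod 755 "$root/images"  && chmod 644 "$root/index.php"
    chmod 777 "$root/uploads" && chmod 666 "$root/uploads/config.php"
    printf '%s\n' "$root"
}

# Demo: build the sample tree and report what the audit flags.
demo_root=$(build_sample_tree)
echo "world-writable entries under $demo_root:"
find_world_writable "$demo_root" | while read -r path; do
    printf '  %s (%s)\n' "$path" "$(describe_mode "$path")"
done
echo "total: $(count_world_writable "$demo_root")"
rm -rf "$demo_root"
```

Run it against the real document root (for example `count_world_writable /var/www`) from a cron job and alert when the count is not zero.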

Data breaches will cost you money, and lots of it. I will write more on that in a follow-up article on the real cost of data breaches. At the VERY LEAST, I recommend PCI rule 6 scanning on your website. Here is some information you may find useful on PCI compliance services.

Hackerproof PCI Security

What Comodo HackerProof Includes

When you display the HackerProof trust mark, you can be sure that your site is verified by Comodo, the brand that over 100 million people associate with security and trust.

The Comodo HackerProof service provides you with:

  • The HackerProof trustmark to display on your website.
  • A daily vulnerability scan, testing your site for security holes and ensuring it meets HackerProof's trust mark standards.
  • A web-based management tool to analyze the results of your A/B testing and the increase in conversions on pages served with the trustmark.

Use The Power of the HackerProof Trustmark

Putting the trustmark on your website converts visitors to buyers.

Take The No Risk HackerProof Challenge Today

PCI Scan Compliancy from $220/YR with HackerGuardian from Comodo Group, Inc.

Only $220/YR PCI Scanning enables merchants to validate PCI compliance quarterly on up to five servers using the full complement of HackerGuardian plug-ins (over 30,000 individual vulnerability tests with more added daily). Get 'Ready-to-submit' PCI compliance reports to send to your merchant bank. Detailed reports identify security holes exposed by HackerGuardian's 30,000+ tests and contain actionable fix recommendations.

  • Features Credit Card logo confirming your trustworthiness to take credit card details online
  • Secure web-based interface allows you to schedule up to ten PCI scans per quarter on up to five servers
  • IP Address Packs can be added to your license to allow you to scan additional external and internal IP addresses
  • Now includes internal vulnerability scanning in the cloud using patent-pending technology
  • PCI 'self assessment' questionnaire available via online wizard

Why do eCommerce sites need PCI Scanning?

  • You are an online merchant with between one and five servers who must provide proof of PCI Scan Compliance to your merchant bank
  • Purchase an Additional IP Address Pack and run scans over an additional number of IP addresses
  • You need comprehensive post scan reporting alongside precise, actionable threat mitigation advice
  • You need automatically generated, 'ready-to-go' PCI Scan Compliance reports for multiple servers and server types that can be immediately submitted to an acquiring bank
  • You would benefit from the versatility and convenience of running up to ten fully featured on-demand scans per quarter to achieve PCI Scan Compliance
  • HackerGuardian PCI Scan Compliancy customers receive a Credit Card logo for their website
  • Gain competitive advantage by reassuring customers that you are authorized to accept credit cards by placing a high visibility trust indicator on your website

Subscribe Now