Online website protection
Two basic kinds of online websites are online banks and online games. Unlike what we were doing for traditional system security, we must take care of both the front-end servers and the customers' applications. Yes, customers' desktops and applications! That is a big difference!
No matter which mode is used, C/S or B/S, we need to make sure that both careless users and vulnerable applications are kept in a good security posture. This brings by far the toughest challenges to a security team. Unregistered game servers (SiFu in Chinese), phishing websites, cheating programs (WaiGua in Chinese), trojan variants, leaked passwords, compromised user systems, and lots of servers spread across distributed IDCs running different operating systems and applications: all of this makes security a mess.
Here is an economic way for your reference.
For the servers, system hardening (firmware devices included, of course) is a must to deal with "default" configurations, misconfigurations, and outdated systems.
For the applications, penetration testing should be done to deal with cheating programs.
For unregistered game servers, a "network spy" should be dispatched to monitor the BBS community and identify the exact fake IP address.
At last, security awareness training (not only for IT staff, but also for end users) should be conducted regularly.
If the budget allows, a full, top-down risk assessment is recommended. By doing a risk and cost analysis, we get to know who we are, what we actually need, which level of protection we need, which solutions and security model (appropriate products, services, people, management, technology) should be put in place, how and where to place them, and then how to implement the countermeasures. Organizational responsibilities, policies, standards, guidelines, and procedures should be documented. This is critical to making the IT team and the security team work together more effectively. The goal is to make products more productive, more efficient, friendlier, and more secure. The security team can help grow the organization's profit, and the whole company can benefit from it.


Well summarized. A strong WAF will help as well.