Commerce Server Security Checklist

Before you deploy your site, make sure you have planned and implemented your site security.

Use the following guidelines when setting up security for your site:

  • Whenever possible, install Internet Information Services (IIS) 5.0 and SQL Server on separate computers. Having users connect to the computers that store your databases presents security risks to your data. You should keep Web applications and databases on separate computers.

  • Always keep sensitive data secure behind a firewall.

Use the following deployment guidelines to protect your site from internal attacks:

  • Restrict physical access to all computers.

  • Restrict the number of users logged on to all computers; give users only the minimum necessary privileges needed to get their work done.

  • Change passwords frequently, especially after someone leaves your organization.

  • Keep logs of all system activity and review them frequently.

  • Keep all backups in a secure place.

  • Use the Commerce Server CS Authentication resource to establish or change the authentication and identification method for your Microsoft Commerce Server 2000 site. For more information, see Managing the CS Authentication Resource.

The following is a list of other security items that you should take care of during or immediately after you deploy your site:

  • Limit access to Commerce Server folders and files.

  • Limit access to Commerce Server services.

  • Limit access to Business Desk modules.

  • Limit access to the Administration database.

  • Secure log files.

  • Enable only the most secure version of Integrated Windows (NTLM) authentication.

  • Delete the "sa" SQL administrative login.

  • Provide full access to database administrators.

For information about these post-installation security items, see Securing Your Site.

This section contains:

  • Securing Business Desk Sessions

  • Using Active Directory to Store User Information

  • Separating Users from Internal Domains

  • Protecting SQL Server Passwords

  • Setting Up Data Warehouse Permissions

  • Securing Cookies

  • Using Scripts to Set Permissions on Folders that Contain Your Site

  • Hosting Sites for External Customers

Securing Business Desk Sessions

When Commerce Server Site Packager unpacks a Commerce Server Business Desk application, it is configured to use Integrated Windows authentication. Although this secures client authentication, the Business Desk session itself passes data in clear text. To provide security for Business Desk sessions, consider only allowing Business Desk clients inside your Internet firewall. To provide additional security, you can use Secure Sockets Layer (SSL) for Business Desk connections. For more information about SSL, see "Setting Up SSL on Your Server" in the IIS 5.0 documentation.

Using Active Directory to Store User Information

User information, including passwords, credit card numbers, and phone numbers, is stored in clear text in the Commerce Server Profiles database. SQL Server secures this information against unauthorized access, but to improve its security, consider using Active Directory to store sensitive user data. For more information, see Planning for Active Directory Integration.

You can also consider using third-party products that encrypt SQL Server data.

Separating Users from Internal Domains

If you use Microsoft Active Directory for your site and for your internal organization, you should use separate domains. Administering user data outside of your corporate network might require more administrative time and effort, but the security improvement is usually worth the cost. If you share a domain for internal and external use, it is possible for external user data to wind up in your internal Active Directory global catalog. If you have a reason to use your internal Active Directory in your site, it is a good idea to put your Commerce Server Business Desk server on the same side of the firewall as your Active Directory domain controller. The risks of sharing internal and external Active Directory information include site defacement, fraudulent purchases, account changes, denial of service, and virus placement.

Protecting SQL Server Passwords

When a Web server connects to a SQL Server, the SQL password travels in clear text. To protect a SQL Server connection from intruders, use the multi-protocol network driver in SQL Server, which allows encryption of session connections. If you use Windows NT authentication, this password will be protected, except in Commerce Server Setup and if you choose the Quick Unpack option in Commerce Server Site Packager.

Setting Up Data Warehouse Permissions

One way to give Commerce Server Business Desk users the ability to read and modify objects in the Commerce Server Data Warehouse is to give them a Windows Administrator account. However, you may want some Business Desk users to be able only to read reports. You can do this by assigning specific SQL Server database roles to different users. The db_datareader role allows users to see all data from all tables in a database. The db_datawriter role allows users to add, change, or delete data from tables in the database.

To add a user to a SQL Server database role

  1. Click Start, point to Programs, point to Microsoft SQL Server, and then click Enterprise Manager.

  2. In SQL Server Enterprise Manager, expand a server group, and then expand the server you want.

  3. Expand Databases, expand the database in which the role exists, and then click Roles.

  4. In the details pane, right-click the role to which the user will be added, and then click Properties.

  5. In the Database Role Properties dialog box, click Add.

  6. In the Add Role Members dialog box, select the user you want to add, and then click OK.

    Only users in the selected database can be added to the role.
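The same role assignments made with Transact-SQL instead of Enterprise Manager, as an added example that is not part of the Commerce Server documentation; the Data Warehouse database name, the CORP domain, and the two Windows accounts are placeholders.

```sql
-- Added example: grant a report-only user and a read/write user access to the
-- Commerce Server Data Warehouse with SQL Server 2000 database roles.
-- Database, domain and account names below are placeholders.
USE [DataWarehouse_dw]   -- placeholder: your Data Warehouse database
GO

-- Let the Windows accounts log on to this SQL Server instance.
EXEC sp_grantlogin 'CORP\report_reader'
EXEC sp_grantlogin 'CORP\bizdesk_editor'
GO

-- Map each login to a user in this database. A login that is not a user of
-- the database cannot be added to one of its roles (the Enterprise Manager
-- note above says the same thing).
EXEC sp_grantdbaccess 'CORP\report_reader', 'report_reader'
EXEC sp_grantdbaccess 'CORP\bizdesk_editor', 'bizdesk_editor'
GO

-- Report-only Business Desk user: db_datareader allows SELECT on every table.
EXEC sp_addrolemember 'db_datareader', 'report_reader'

-- Business Desk user who may change data: db_datawriter grants only
-- INSERT, UPDATE and DELETE, so the reader role is still needed for SELECT.
EXEC sp_addrolemember 'db_datareader', 'bizdesk_editor'
EXEC sp_addrolemember 'db_datawriter', 'bizdesk_editor'
GO

-- Verify the memberships instead of trusting the script ran cleanly.
EXEC sp_helprolemember 'db_datareader'
EXEC sp_helprolemember 'db_datawriter'
GO
```

Neither account is a Windows Administrator or a member of db_owner, which is the point of using roles rather than the administrator account the section mentions.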

Securing Cookies

By default, cookies travel in clear text. It is possible for intruders to intercept information contained in cookies and use that information to impersonate users. However, cookies can be encrypted. Commerce Server 2000 employs authentication and anonymous cookies that are encrypted to enhance security. To help secure cookies, use encryption, and embed the Internet Protocol (IP) address of the client in them. This allows the target server to verify that cookies are actually sent by the correct user.

Using Scripts to Set Permissions on Folders that Contain Your Site

Commerce Server Site Packager does not package or unpack any NTFS folder or file permissions (access control lists). Make sure you secure the files and folders that contain your site after you unpack it. A good way to do this is to use the scripting hooks of Site Packager to change folder permissions while or after you run Site Packager. For more information, see Using Scripts with Site Packager.

Hosting Sites for External Customers

If you are an Application Service Provider (ASP) hosting sites for external customers, do not host multiple sites on a single computer. Each customer site should have its own Administration database. Users from one site may be able to read data from other sites if multiple sites share the same Administration database. If users can upload scripts to your site, the security risk is greater because these scripts could contain code that reads and writes from the Administration database and other Commerce Server databases.

