Securing Your Site

A Web site designed, built, and deployed with security as a prime feature is more robust than one deployed with security features added as an afterthought. However, as Web sites become more complex, it also becomes more difficult to make them secure. Security cannot be achieved by setting a few particular properties, or using a specific tool; instead you must take a holistic approach and address security in all stages of site planning, development, and deployment.

For detailed instructions about configuring your Commerce Server installation to use Windows Integrated Security, see Deploying Commerce Server Using Windows Authentication.

This section contains:

• Security Checklist. An overview of the recommended steps you should take to secure your Commerce Server installation.
• Best Practices for Security. Describes recommendations for configuring a secure site.
• Important Security Notes. Describes known security issues in Commerce Server and the steps you must take to mitigate the security risks.
• Using Strong Passwords. Describes how to create a strong password.
• Using Windows Authentication. Explains how to configure your Commerce Server site to use Windows Authentication to SQL Server databases.
• Using SQL Authentication. Explains the security risks associated with using SQL Authentnication for database connectivity instead of Windows Authentication.
• Developing a Secure Site. Explains the steps you should take to design and develop a secure site. Explains how to prevent buffer overruns, cross-site scripting issues, and denial of service attacks.
• Deploying a Secure Site. Provides an overview of a secure configuration that includes three firewalls.
• Securing Anonymous Accounts. Describes the security requirements for the anonymous account used by run-time users.
• Securing Service Accounts. Describes the permissions required by the Commerce Server service accounts when you use Windows Authentication for database connectivity.
• Securing Business Desk. Explains how to secure the Business Desk application and user interface.
• Securing Your Databases. Explains how to secure your Commerce Server databases when you use Windows Authentication for database connectivity.
• Securing a Predictor Deployment. Explains how to secure the components of a Predictor deployment.
• Securing Your Network. Explains how to enable Secure Sockets Layer (SSL) on your Commerce Server site. Describes intrusion detection systems.
• Securing Your Web Server. Provides an overview of the securing a Web server.
• Additional Information About Security. Lists additional sources of information for developing and deploying a secure site.

Copyright © 2005 Microsoft Corporation.
All rights reserved.