SOHO security package

In article , Winshent wrote: :I am researching a new desktop security suite for a small office.

:Is it a good idea to store cc numbers on of the above internet :connected pc's?

No, never.

:They will be encrypted, but will also have the :decryption file sitting on the PC as well.

Trojans are quite capable of sending back the current screen contents.

Guys, thanks for the feedback.

Andrew, you mention the firewall from Watchguard.. have been looking at the Firebox SOHO 6. Is the Netgear DG834 router/adsl modem not adequate? Whats the significant advantage of upgrading?

We dont need VPN as the office is outside the house. And only have two PC's.

I agree that Zonealarm is the way to go. Are there any alternatives to AVG?

Walter, am also considering storing the CC details on a standalone system, but i can see this being a pain in the ****. The reason i say this is because i am developing an ecommerce site for the client. Who will download the encrypted CC details via a webservice. Its not going to be ideal to have to transfer the data to a standalone system.

Andrew, thanks.. sorry i forgot to mention that it has a firewall built in..

I have thought about using an online service, but the standard charge is approx 5%, which will amount to about £10,000 per annum.. bit expensive!!

If i settle with having the webservice and the de-encryption file sitting on an internet connected desktop (behind a firewall router).. whats the best software security setup to go for?

Consider a firewall appliance like the smallest offerings from Watchguard. Use its NAT facility. In addition, on the PCs, a software firewall like ZoneAlarm Pro, anti-virus like AVG, and a spam filter like SpamPal.

Andrew

Leythos, the site is going to be hosted externally on a friends dedicated server. So the security of the database is not for me to worry about. The webservice (sitting on the desktop) will retrieve the encrypted data via the webservice.. and if successful then the CC details will be deleted from the server.

Dan, thanks for the link, its definitely worth considering! We expect

40 transactions a day via the website, so manhours is not a real issue.. but will be good to quantify the cost of going down this route.

Will go with Zonealarm as Desktop firewall. Any other anitvirus / spam software to suggest?

Have you thought about using an online payment gateway and pre-authorisation of card details so that you only need to pass on the gateway reference and authorisation codes to fulfill the transaction instead of the entire CC details? This way you don't need to store the details, you don't need to pass them around in your web service, and the client is still able to process payments.

Dan

It is adequate when you call it a router/adsl modem/firewall :-)

Andrew

If you are going to host your own site, you will want a real firewall, not some cheap router that pretends to be a firewall. You will also want to run it on something a little better than a cheap workstation.

Do you have a disaster recovery plan yet?

Try their online tool, it allows you to provide information about the number of transactions of each card type and amounts you'll be processing, and shows a chart with a guide to online payment gateways and their costs. IIRC we pay around 1% per transaction with the gateway we use (plus the card merchant costs, but we got a really good deal on those too), but when this is weighed against the additional manhours required to manually process cards and the higher risk of fraud with the number of transactions we do, we're happy with the service we get.

Dan