
When it comes to the Internet, a frequently voiced concern is security. Most small business owners and customers, however, can’t be specific about why electronic commerce makes them so edgy. Although "Net nervousness" can partially be attributed to the lack of experience inherent in using new technology, unique security issues do exist in the electronic realm. Understanding where you are vulnerable can help protect your customers, the Web server and your business. Keep the following attack techniques in mind.

Sniffing: Because of the hardware and degree of effort involved, sniffing is probably the least common form of cyber theft. By hacking into the routers and servers that run the Internet, hackers position themselves along major Internet pipelines and use sniffing software to look for and intercept messages that contain credit card numbers.

Solution: Customers use encryption software as an effective way to protect their transactions. Virtually unbreakable, encrypted transactions are safe from interception. In addition, small business owners can incorporate Secure Links into their payment programs. This software examines the path of the message and assures the user that the route is clear from unauthorized viewers.

Hacking: The most lucrative opportunities lie in hacking, not into the customer’s machine, but into the store owner’s system. This can be particularly damaging when the business possesses a database of customer credit cards and is running its inventory and other functions on a server.

Solution: Entrepreneurs with their own server can restrict access by incorporating firewall technology. By designating a section of the server as open to online traffic and then using firewall technology, businesses can ensure reasonable protection from hacker intrusion.

If a company has not made the initial investment in a server and does not plan to incorporate inventory, operations and sales software with its Web site, using an ISP host to handle transactions is a good idea. ISPs are equipped to handle e-commerce sales and incorporate their own security specialists to minimize security risks.

Using SET technologies, credit card companies have provided entrepreneurs with the best protection of all by enabling them to conduct credit card transactions without ever coming into possession of a credit card number. The process, in which the customer sends an encrypted number to the small business, which then sends the encrypted number and a purchase order to the bank, leaves the path between customer and business less vulnerable.

Finally, e-cash or cyber cash removes almost all the risk involved in accepting credit card orders over the Internet. E-cash allows a customer to set up an account in advance for electronic cash units. Just like paying by check, customers pay out of their e-cash account, and merchants deposit the cyber check to receive payment from the e-cash bank. E-cash is also an excellent way for foreign customers to exchange money to purchase American goods.

Cyber Fraud: Many customers fall victim to mail fraud every year. On the Internet, someone in Iowa or India can create a virtual store that will take a customer’s money but never deliver a product.

Solution: Right now several organizations including credit card companies and the U.S. Post Office are vying to become universal issuers of Certificates of Authority. For certification, small firms must prove that they are viable, legal enterprises. Upon approval, they receive a seal for display on their Web pages. Customers who examine a small business site can be reassured by this certification that the firm has been deemed legitimate by a neutral authority.

Whether transactions are made over the Internet, through a catalog or across a store counter, no form of commerce is ever completely safe. The biggest concern is often one of customer perception. Most Internet experts predict that the convenience and ubiquity of electronic commerce, in addition to continued innovations in security, will eventually convince even the most "Net nervous" to jump onto the Web.

Building the Best Defense for Litton Industries

Your small business might not need the high security environment of Litton Industries, one of the largest defense contractors in the U.S. But it’s nice to know that such environments exist.

Litton Industries, based in Woodland Hills, California, has 34 divisions scattered around the world, ranging in size from 10 to 9,000 people. Its corporate motto is "The Best Defense," and that’s what it called for in a network security system.

The company was spending millions of dollars each year to maintain a private network through leased lines. "Initially we were wary of ‘going public’ on the Internet," recalls Mike Garland, who manages the corporate virtual private network for Litton. "But then we figured, the Internet is there, we should be using it."

Enter Raptor Systems. Raptor is a leader in integrated firewall security management, and installed its Eagle family of modular software components to provide real-time network security for Litton Industries’ many divisions. Groups of fewer than 250 users employ the EagleMobile system to create "virtual tunnels" between their computers and the Internet.

Litton Industries chose Raptor because the security company has a perfect record: no security breaks have ever occurred through Eagle firewalls. Why should small business owners sit up and take notice? According to Guy Rosefelt, Raptor’s Southwest Systems Engineer, "The Internet is an even playing field. Your size doesn’t show out there, but your security sure does."

Online Security Sources

If you are concerned about network security within your company, here are some online resources to explore for more information:

Raptor Security Library (www.raptor.com). The self-proclaimed "Authority on Information Security," Raptor has set up a Web site full of product and service specifications, as well as an online library of more than 113 articles about computer security, firewalls and a host of other related topics.

Computer Security Institute (www.gocsi.com). CSI is the oldest international membership organization offering training specifically targeted to information security professionals. Its Web site provides a calendar of training seminars and links to other security resources.

National Computer Security Association (www.ncsa.com). NCSA is an independent organization that promotes commercial digital security. The Web site discusses NCSA’s certification process for becoming a Secure Web Vendor, and promotes its magazine, Information Security Magazine.

Hardcore Internet security junkies should investigate these newsgroups: alt.security, comp.security.firewalls and comp.security.misc.

You can also subscribe to the Firewalls listserve by sending an e-mail to majordomo@greatcircle.com. The subject field of the message should be blank, and the body of the message should read "subscribe firewalls" for the full edition or "subscribe firewalls-digest" for a shorter version.


Excerpted with permission from Small Business Success, Volume XI, produced by Pacific Bell Directory in partnership with the U.S. Small Business Administration.