Sunday, 05 September 2010 07:45 am
The Blog

The Blog at Johnhouston's, also known as Below the Fold...
This is Version 2.0 and a work in progress.

Here you'll find, in plain-spoken language: opinions (mine), flat-out facts and solutions as I see them.  All in an easy-to-read format.

A Spade is a Spade here and no sugar is allowed nor used.

Your Business' Security :: Part II

...Or dealing with two legged cockroaches.

Security breaches take on a variety of forms and may be as innocuous as a piece of UCE/SPAM email or as serious as a full-on assault on either one's street-side business or web site in the form of theft of goods or data.

Needless to say, if the breach is of the latter type, whether it happens on the web or on the street, you've got some very serious security problems and should consider some professional help.

As with real-life cockroaches, vandals can enter through the smallest of openings and they spend a great deal of time just Looking for such portals.  Fortunately, these little "openings" are much easier to plug on a web site than on the street-side counterpart, where the exterior is open and unguarded.  Also, a little plain ol' common sense goes a LONG WAY in the prevention department!

A key point to keep in mind is the statement above: "...The smallest of openings...".  There can be absolutely No Porosity in your security access procedures.  No detail is too small.

On the web, the most vulnerable places on any web site are "Post Data" forms of one type or another.  These include email forms, guest books, forum boards and/or any other form that requires a visitor to submit information to your web site.  EACH blank field that requires an input is a potential "entry point"!  Even forms that use "type=hidden" form fields for known data input are not immune!

Needless to say, good form field validation is REQUIRED:  Preferably NOT using JavaScript, which can be turned Off by the cockroach, leaving your data entry totally unprotected.  And NO, the old "mailto:YourEmailAddress@YourISP.com" is NOT an alternative... The very Worst thing you can do!

The second preventative measure is to identify the cockroach and start your own "database" of information.  Be it a notebook with photos, descriptions and dates or a plain text file... Anything will work as long as you know who to look for.  Talk to other businesses in your neighborhood.  Share information!  The same goes for web site owners.  There's a ton of information available by just acquiring an IP address and perusing your server's access_log files.  You'll learn that is your number one tool.  Remember the "everything but a name, phone number and mug-shot" comment earlier?  The access_log files contain all the information one might need to nail the cockroach to the wall.

Don't keep your "database" of information locked up in the back-room... Keep it where you and/or your employees can have ready access to that information and give employees the authority to stomp the roaches when they walk through the door.  Well, OK... Give your employees the authority to politely ask the known roach to get his or her ass out of your store.

On the web site:  Restricting one's access can be accomplished in a variety of ways.  The easiest and most effective/efficient (for Unix server users) is a good .htaccess file in the root directory.  This is the equivalent of "greeting the roach" at the front door, only it's faster, seldom "misses" and is almost impossible to defeat (when done right).
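The two steps above (reading access_log for repeat form posters, then refusing them in .htaccess) as an added example, not code from the original post. The form-handler paths, the threshold of 3 and the sample log lines are assumptions made up for illustration; the output uses Apache 2.4 `Require` syntax, where an Apache 2.2 server would use `Order`/`Deny from` instead.

```python
import ipaddress
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} \S+')

# Assumption: hypothetical form-handler paths; substitute your site's own.
FORM_PATHS = {"/contact.php", "/guestbook.php"}

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Sep/2010:07:40:01 -0700] "POST /guestbook.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [05/Sep/2010:07:40:03 -0700] "POST /guestbook.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [05/Sep/2010:07:40:05 -0700] "POST /contact.php?x=1 HTTP/1.1" 200 498 "-" "Mozilla/4.0"',
    '198.51.100.23 - - [05/Sep/2010:07:41:10 -0700] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [05/Sep/2010:07:42:30 -0700] "POST /contact.php HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    'truncated or garbled line that must not crash the parser',
]

def form_posts_by_ip(lines, form_paths=FORM_PATHS):
    """Count POSTs to form handlers per client address; skip unparseable lines."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "POST":
            continue
        if m.group("path").split("?", 1)[0] not in form_paths:
            continue
        try:  # host may be a name if HostnameLookups is on; keep IPs only
            hits[str(ipaddress.ip_address(m.group("host")))] += 1
        except ValueError:
            continue
    return hits

def repeat_posters(hits, threshold=3):
    """Addresses with at least `threshold` form POSTs, busiest first."""
    return [ip for ip, n in hits.most_common() if n >= threshold]

def htaccess_block(ips):
    """Render an Apache 2.4 stanza (mod_authz_core) for manual review."""
    rules = "".join(f"    Require not ip {ip}\n" for ip in ips)
    return f"<RequireAll>\n    Require all granted\n{rules}</RequireAll>\n"

if __name__ == "__main__":
    print(htaccess_block(repeat_posters(form_posts_by_ip(SAMPLE_LOG))))
```

Review the output before pasting it into .htaccess: one address can sit in front of many users (NAT, proxies), and an offender can come back from a different one.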

Lastly, business owners must undergo a complete Attitude Adjustment toward potential customers and visitors to their web sites.  Remember, cockroaches are sneaky little bastards and they sometimes disguise themselves as people.  There's a HUGE misconception that visitors are always right... And they're given chance after chance to correct their "mistakes", especially when visiting web sites.  Bull Shit!  More often than not, those aren't "Mistakes", they're "Attempted Exploits" and should be treated as such.

If your form field has a notation along the lines of "Do not use HTML" or "Do Not Send URLs..." yet a "visitor" insists on doing such... Probably a genuine cockroach and they don't need to see a nice "error message".  Just boot 'em off your site!

The same applies to your street-side business!  If that "customer" comes to your store with a can of spray paint bulging from his pocket... Or, if he's recognized as a known vandal... Why on Earth would you allow him a second opportunity?!

Remember, it's YOUR store.
