Web Security Tip

 
  What is Web Security

Security of the web at the present moment is a great concern. When talking about security, the key topics are information and accessibility. If any entity is to mischeviously obtain private information or gains access to a private computer or corporate network/intranet, the results in either case could be devastating.

A lot of companies and organizations on the web have critical information. Some may obtain it due to commerce activity, others may be in the business of data collection and research while some may purchase data for marketing purposes etc. No matter what the source of this information is, it must be protected from falling into the wrong hands.

Imagine finding out one day that your Platinum card that was empty last month has been maxed out. Or the brand new exotic car in your driveway was stolen. You start to wonder how did they get the information, --- probably by hacking into or intercepting the information enroute to a web server. Both of these examples show why security on the web is such an issue.

Identity Theft is a real issue with real consequences. Many have become victims and many still remain vulnerable. But there are measures and precautions that you can take to make sure that you don't fall into the trap.

One effective precaution that you can take is not to click on any links recieved in emails, especially to pages which require you to login. Rather, open those links yourself by typing in the url in a new browser window manually. This will prevent you from falling into the 'disguised link' trap where a spoofer sends you a phony email pretending to be from your financial institution with a link to a fabricated login page. As soon as you submit your login information, it is captured by the spoofer and now he can login with your username and password.
(back to top)
     
 
   
 

Websites are vulnerable to breaches

Securing the web means to secure every possible channel of data travel between the host and the client which are:

  • The Web Server
  • Data enroute to and from Web Server
  • Client computer

We can see that this task is complex and why the web is vulnerable to security breaches.

Web servers are the face of an organization to the public. A successful attack on a web server may be seen by hundreds of thousands of people, creating a bad public image for that organization. In 1996, the official website of the CIA was hacked into merely as an act of vandalism. The title was changed from “Central Intelligence Agency” to “Central Stupidity Agency”. There was also a case where the internal network of AT&T was infected with a virus deleting critical information.

Data enroute to and from a web server may also be intercepted by a third party. Hackers may also set up programs to bombard the Web Server with thousands of requests per second making it hard to handle valid requests.

HTML alone does not pose a direct security threat but it also limits the possibilities for an interactive web based experience. That’s why companies use technologies such as ActiveX, Java, Javascript and plug-ins etc. These technologies definitely make the web pages look more alive, but at the cost of security.
(back to top)

Securing the Web

Netscape offers the SSL (Secure Socket Layer) embedded into its browser. This is a low level encryption scheme used to encrypt transactions in higher-level protocols such as HTTP, NNTP and FTP. There are also companies that offer digital certificates of encryption.

SHTTP (Secure HTTP) is the scheme proposed by CommerceNet, a coalition of businesses interested in developing the Internet for commercial uses. It is a higher level protocol that only works with the HTTP protocol, but is potentially more extensible than SSL.

Firewalls, which protect or block specific connections to the internal network of an organization from the rest of the internet are also used. Firewalls are configured are configured so that all outside connections to an inernal network go through relatively few well monitored locations.

Digital Certificates which encrypt data with a secret key makes it virtually impossible in a timely manner to decipher data travelling through or from a web server.
(back to top)

Future of Web Security

As technology is improving, we find the security issue declining. The problem in many cases may exist in the organization itself amongst devious employees. The companies which find themselves most vulnerable are the mid sized companies which operate on a tight budget and lack the funds to purchase security consulting or qualified personnel.
(back to top)
   
   
 
   
 

References

Law Enforcement. OECD Online. 16 July 1998
<http://www.oecd.org/daf/clp/law_enforcement.htm>

Privacy Related Software. Privacy.net 2001
<http://www.privacy.net/software/>

The World Wide Web Security Faq. W3C 24 March 2000
<http://www.w3.org/Security/faq/www-security-faq.html>

Garfinkel,[Simon] Web Security & Commerce O’Reilly Press. 1st Edition.
July 1997. 9-30. April 29, 2001. <http://www.oreilly.com>
(back to top)
   
   
  Linkspub | Automotive | Business | Computers | Internet | Shopping | Health | Real Estate | Entertainment | Society