Report
Brendan Timmons
8/6/2008
Contents
Why do you need web security?
What needs to be secured on the web?
Purpose of web security
  Confidentiality
  Integrity
  Availability
  Authentication
Risk management
Defining threats and vulnerabilities
  Accidental
  Malicious
  Authorization
Bibliography
Web security is vital for anyone who intends to use the internet. For the typical user
the risk is not that great, but for a webmaster the risk is substantially greater. If you
don’t have any web security, you are opening yourself up to some nasty people
lurking out there on the internet who get up to all kinds of mischief. These people
are generally known as ‘hackers’. They look for holes or vulnerabilities in
security systems in order to exploit the website or user and gain access to
information; this is called a breach of web security.
Web security breaches come in many shapes and forms, but there are three main
areas where hackers can gain access to personal data:
Ensuring that all confidential information such as client details, transaction records,
stock lists, and server details are secure will hopefully deter any hackers from
accessing the information that could be damaging to your business or clients.
Confidentiality
Web security ensures confidentiality for the personal information web users send over
the internet to web sites, such as bank details to e-banking sites or transaction
records from an e-commerce website. Without security precautions, this
information could fall into the wrong hands.
Integrity
Having web security can also protect data and maintain integrity in the case of
hardware failure or malicious threats from hackers or viruses that could potentially
corrupt data. Data integrity ensures that the data will always be there in the event of
a disaster. One way of ensuring data integrity is to have backups, both onsite and
offsite.
Availability
Availability goes hand in hand with data integrity in the sense that if you have a data
integrity plan, you also must make sure that the data is always accessible no matter
what.
Authentication
Using a secure authentication process can aid in assuring confidentiality of users or
clients. Using user IDs and forcing complex passwords are just some of the ways
to keep users’ account details from falling into the wrong hands.
Risk management is a large part of web security: it means prioritizing the
risks posed to certain information and making it your first goal to secure information
with a high risk rating.
Determining a risk factor for a piece of information can be broken down into four
parts by considering the:
By doing so, you can focus your efforts on securing information with a high risk factor
to safeguard it from potential threats.
The internet is a large place and there are a lot of threats out there and plenty of
vulnerabilities within software that can be exploited. There are three broad
categories of threats.
Accidental
An accidental threat is generally when a user unintentionally opens themselves up to
a threat by, among other things, accidentally disclosing information or using simple
passwords that are easy to crack. A lack of understanding of web security is most
likely to blame for cases such as these.
Malicious
Malicious threats are intended to cause harm to their target, which can be a
number of things such as users, systems, and networks. Malicious threats generally
take the form of a virus. These kinds of threats can be particularly damaging to an
organization or business, destroying critical data such as transaction records or client
data.
Authorization
An authorization threat is when a hacker poses as an authorized user in order to gain
access to confidential information. This is generally achieved by cracking the
password of a user who has access to the network or website in question.