JavaScript Security
As a web content developer and as a user, the Internet security threats that you face depend on who you are and what you have to protect.
For example, if you are the webmaster for a high-profile organization, such as the CIA or the U.S. Department of Justice, then you will be the target of all those hackers merely for the challenge you present; many hackers want the fame associated with penetrating one of the big people. Even if your website is not in the hackers' "Top 40", if it is not well protected, it may be penetrated just because it is an easy target.
If your website is involved with any type of financial transaction or controls any valuable assets, directly or even indirectly, then it could be the target of a more professional type of criminal than the recreational hacker. These cyber thieves may try to penetrate your website in order to get access to such things as credit card numbers, software, sensitive information, or physical assets, such as products that may be purchased through your website. An attack on your website may be the first stage of a concerted attack on your organization as a whole.
If your web server is inside your organization's firewall, then a compromise of your web server could lead to a serious security breach of site-internal networks. If your web server is outside your organization's firewall, then an attacker may attempt to install clandestine software to monitor network traffic at the firewall's external interface.
Due to the growing importance of the web to commerce, a company's ability to conduct business can be affected by attacks on its website. While most businesses don't prey on each other through the Internet, a third party could manipulate a company's web presence to reap financial gain.
Threats to the Web User
The security threats faced by the individual user are somewhat different from those of the webmaster. First of all, … someone's PC. This rules out some, but not all, recreational hackers. If someone wants to get access to your PC, then it is probably someone who is intent on collecting information about you or sabotaging the data on your PC.
This special someone could be an acquaintance, a competitor, or anyone else who has an interest in knowing or stopping what you are doing. Due to the rise of electronic commerce on the web, some electronic pickpockets have surfaced. These small-time cyber thieves snoop on users' PCs in order to collect credit card numbers, passwords, and information that can be used to forge digital certificates.
Most indiscriminate attacks on individuals come in the form of malicious software, such as viruses (yes, they are still out there). Future attacks will probably include executable web content (JavaScript, Java, ActiveX) and executable e-mail, such as that provided by Netscape Messenger, Outlook, and other mail programs.
Web Security Issues
To some, the Internet itself is just one big security vulnerability. However, for most of us, it is a vulnerability that we have to live with. While a complete treatment of Internet security vulnerabilities is beyond the scope of this book, the following subsections describe web-specific security issues from the point of view of the webmaster and the user.
The Webmaster’s Perspective
Running a secure web server is not an easy task. Security vulnerabilities can, potentially, exist anywhere: in CGI programs, in the server setup, or in the web server itself. These vulnerabilities could lead to embarrassing modifications to web content, the theft of sensitive information, or the complete shutdown of your website.
To run a secure website, the webmaster must keep abreast of the latest web vulnerabilities and implement security countermeasures as needed. The World Wide Web Security can help you get started. It discusses many of the known web vulnerabilities and offers good advice on how you can protect your website.
Server Software
Website security begins with the web server. Unfortunately, not all web servers are secure. Security holes have been identified in both commercial and public domain servers. Although these holes have been patched in later versions of the server software, the potential for the introduction of new vulnerabilities cannot be dismissed.
Publicly available web servers, such as the Apache server, offer a high level of security and reliability. However, if security is of paramount concern, then you may want to consider a commercial server by a major vendor, such as Netscape. While commercial servers are not immune to security flaws, reputable vendors tend to respond quickly to security holes once they are identified, in order to stay in business.
Publicly developed web servers, such as Apache, also have quick turnarounds for bug fixes, in some cases even faster than commercial developers. However, there is no one to blame if and when a problem does occur.
