Download Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
Document related concepts
no text concepts found
Transcript 
Web Design &
Development: Security
By Trevor Adams
Topics Covered

About security





Why bother?
Security Policy
Attacks
 Intrusion
 Denial of Service
Attackers
Basics



Protecting your mark-up!
Hosting
Web Site
Security – Why Bother?



Why do we need to think about security?
Would it not limit your freedom of speech?
“They don’t wish to read my stuff, I am not
bothered about theirs!”
Security – Why Bother?


BUT!
Society has rules!


Without them, society breaks down
“They do want to read my stuff and I am, to
tell the truth, interested in theirs!”
Security – Why bother?





So we have an obvious conflict…
Freedom of speech or invasion of privacy?
Private information on a public network
Boring information or access to secrets?
This is all security!
Security Policy

Developed often without realising


“I do not bother, I have nothing I need to protect.
Anyone can use anything, I really do not care!”
This is a security policy: Do Nothing

Which can be completely valid if it fits
Security - Trust




Before considering the Internet or the web,
lets consider trust
Everyday life
Most of the world is built on trust
A thoroughly strange concept




Credit Cards
Chairs
Taxi Drivers
The humble fiver is actually just an IOU
Security - Attacks


There are many types of attacks
Three common types:




Intrusion
Denial of Service
Information Theft
We shall look briefly at these
Security - Intrusion

The most common form of attack (unofficial)


The attacker is able to use resources belonging to
you
Most attackers try to use the resources as though
they were legitimate

Known as masquerading
Security – Denial of Service

Aimed at preventing use of your own resources



Used a lot on the web




Overloading a web site
E-mail bombing
Easy to do
Very little real defence
Blackmail, server ransom etc.
Occasionally accidental

Holiday mail messages for example?
Security – Attackers

Deliberate forms of attacks might come from
these type of attackers





Joy riders – bored people amusing themselves
Vandals – out to damage the public net
Score Keepers – Geek bragging rights
Spies – industrial or otherwise
Stupidity or accident – usually naiveté
Security - Prevention

This is a tough topic to cover without going into
some scary science




Toughest attack to defend



Anti-virus software – anti information theft and intrusion
Network firewalls – anti-intrusion
Security policy – general assistance
Denial of service
Difficult to defend against an over use of a service on a
public network
In the end you have to cover every possibility

Attackers have to find one exploit!
Security and WDD
We have to cover all this?
WDD and Security

Topics introduced are complex


So what about us?


Most could encompass a degree in their own right
We do HTML right?
All of the aforementioned topics are worth
knowing about



Some of the topics are for network engineers
Some are for programmers
It is everyone's responsibility however!
Basics

To some, security is seen as an exotic topic



Fun, exciting and cutting edge!
This might be true…(anyone seen
Swordfish?)
In reality it starts in a more mundane manner



Personal procedures
Personal computer protection
Good personal security policy
Web sites as a public face

Your web site is a public face



Whether personal, commercial or otherwise
It is put up in the world for everyone to see
There are various reasons why people want
to mess it up


You cannot stop them trying
However, you should not make it easy for them
Protect your own mark-up


You create your web sites locally for upload later
Take care of your own files



Don’t be uploading modified versions
Viruses and Worms are notorious for modifying files
without user knowledge
Good common sense




Strong password policy
Up to date security software – firewalls, anti-virus
Limited access to shared files
Do not run your computer as Administrator just to type!
Hosting





Hosting your web site on a reliable provider is a must
 You need that all important TRUST
They should provide a service level agreement upon request
 Help you with Denial of Service attacks
Make back-ups on your behalf
 This is why you pay for hosting
 Relieves the technical issues of running your own web server
Change your FTP password regularly
 FTP is a plain-text protocol
Where possible, use Secure Socket Layers (SSL)
Your web site



We have only touched the surface of serverside technology
However, it is worth understanding how your
own web site can be the problem
The best host in the world cannot protect
against poor web site development
Your web site


Any web site that ventures past plain HTML opens
itself to be prodded by ‘no-gooders’
Web applications lack the control of desktop
applications


You have no control on who posts to your form
 Form submissions could come from pages that you have
not designed
 Code your pages to be hardened against mal-formed posts
 Do not process user input as though it is automatically
trusted
Many of these techniques will become more
apparent if you continue to study web development
and applications
Summary





Security is a vast, interesting topic
 Think about how it impacts on so many areas of your life and
society at large!
Computing security is a small part of security as a topic
Understand how private data on a public network is an odd
contradiction
Security by obfuscation will not last forever
 Just because its not obvious, does not mean nobody will find it!
Take good steps and procedures to do your part
 Protect your own work as best you can
 Do not leave the door wide open to information theft
Related documents
Web Design & Development: Security
Web Design & Development: Security
Marketing Plan Implementation Assessment
Marketing Plan Implementation Assessment
01 Computer security overview
01 Computer security overview
Malicious code, Mobile Code and Denial of Service attacks
Malicious code, Mobile Code and Denial of Service attacks
Security and Assurance in IT organization
Security and Assurance in IT organization
Thinking about Group Work
Thinking about Group Work
No Slide Title
No Slide Title
Whitney houston case study: addiction
Whitney houston case study: addiction
IIDPS: An Internal Intrusion Detection and
IIDPS: An Internal Intrusion Detection and
CHAPTER 3 Classes of Attack
CHAPTER 3 Classes of Attack
Systems Security
Systems Security
Chapter 6 Bluetooth digitizes an image and transmits the
Chapter 6 Bluetooth digitizes an image and transmits the
Building Survivable Systems based on Intrusion Detection and
Building Survivable Systems based on Intrusion Detection and
“Mind over Reality Theory”: A New Explanation for Unusual Features
“Mind over Reality Theory”: A New Explanation for Unusual Features
Research Areas - The George Washington University
Research Areas - The George Washington University
NSF Opportunities
NSF Opportunities
Slides
Slides
Data Mining, Cookies, and Identity Theft
Data Mining, Cookies, and Identity Theft
Introduction CS 239 Security for Networks and System
Introduction CS 239 Security for Networks and System
Information Security in the New Millennium
Information Security in the New Millennium
N22094098
N22094098
Blueprint For Security Chapter 6
Blueprint For Security Chapter 6