ONLINE SECURITY ISSUES

The consequences of having your Website security compromised are heavy ones. Identity theft is at an all-time high and online security is the first thing on everyone's mind. It is up to you to provide these basic security measures for your client: authentication, access control, secrecy, data integrity, and auditing.

SECURITY FOR CLIENT COMPUTERS

Client computers must be protected from threats that can be accessed through the Internet. Active content, downloads, and malevolent servers can be direct threats to your clients.

Cookies are trackers placed in Web pages that attach themselves to a computer and track information for the host. They are required for many dynamic sites but can cause problems if they are not handled correctly. It is important to remind your clients to clear them out.

Other client threats are Web bugs, active content (which may contain a Trojan horse), Java applets, ActiveX controls (mainly in Internet Explorer), graphics and plug-ins, viruses, and antivirus software. There are several measures that can be taken to prevent security breaches. A few of these are digital certificates and steganography, which involves encryption.

COMMUNICATION CHANNEL SECURITY

One of the most important things to remember about the Internet is that it was not designed to be secure. To protect your clients, you must be sure to ensure privacy, be careful about back doors, and avoid threats to integrity (spoofing). There are several encryption solutions to help with security, including cryptography, hash coding, public-key encryption, and private-key encryption.

The Secure Sockets Layer system (SSL) was developed to provide secure information transfer. SSL provides a way for clients and servers to exchange information in brief bursts to allow encryption and decryption. Secure HTTP (S-HTTP) provides additional security including server authentication, spontaneous encryption, and request/response nonrepudiation.

SECURITY FOR SERVER COMPUTERS

Servers are a main entry point for those who want access to your information or who want to cause destruction. Other entry points are the software and any back-end programs, such as those that contain data and a database.

The server can compromise secrecy by allowing automatic directory listings. They can compromise security by requiring usernames and passwords for users. In databases, it is important to be sure to encrypt the information and enforce security by requiring authorization. Firewalls are a must-have to prevent unwanted access to the server.
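
To make the directory-listing point concrete, here is an added example (not part of the original page) that audits a server configuration for settings that turn automatic listings on. It assumes an Apache httpd-style configuration, where the `Indexes` option controls listings; the sample configuration and the function name are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from any real server).
SAMPLE_APACHE_CONF = """\
# global default
Options -Indexes +FollowSymLinks
<Directory "/var/www/html/downloads">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/html/app">
    Options None
</Directory>
<Directory "/var/www/html/legacy">
    Options All
</Directory>
"""

# Opening/closing tags of <Directory>, <DirectoryMatch>, <Location>, ...
SECTION_OPEN = re.compile(r'<\s*(Directory|Location)\w*\s+"?([^">]+)"?\s*>', re.I)
SECTION_CLOSE = re.compile(r'</\s*(Directory|Location)\w*\s*>', re.I)


def find_listing_enabled(conf_text):
    """Return (line_number, scope, directive) for every Options line
    that enables automatic directory listings."""
    findings = []
    scope = ["<global>"]  # stack of enclosing sections
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        opened = SECTION_OPEN.match(line)
        if opened:
            scope.append(opened.group(2).strip())
            continue
        if SECTION_CLOSE.match(line):
            if len(scope) > 1:
                scope.pop()
            continue
        parts = line.split()
        if parts[0].lower() != "options":
            continue
        flags = {p.lower() for p in parts[1:]}
        # "Indexes" or "+Indexes" enables listings; "All" includes Indexes.
        if flags & {"indexes", "+indexes", "all"}:
            findings.append((lineno, scope[-1], line))
    return findings
```

Each finding names the line and the directory section to review; replacing the flagged option with `-Indexes` switches listings off for that scope.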


ORGANIZATIONS THAT PROMOTE COMPUTER SECURITY

Since 1988, several organizations have been formed to share information about threats to computer systems and to help with overall computer security.

One of the biggest groups formed was CERT (Computer Emergency Response Team). CERT responds to thousands of security issues each year. They then evaluate and post alerts to keep the public informed about what threats are out there.

Other organizations include the Internet Security Alliance, SANS Institute, CERIAS, Microsoft's Security Research Group, and the US Dept. of Justice's Cybercrime, to name a few.