Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Survey of Designing Web and Tools

advertisement 
Chapter 5
Security, Maintenance, and
Management
Objectives
By study of the chapter, you will be able to:
Identify the problems and issues in the security in
your E-business
What are the considerations in developing a security
plan
Describe the security architecture of the website
Identify and analyze the common website security
measures
Identify the website security resources
Describe the considerations in website management
and maintenance
Questions and Discussion
Homework
the problems and issues in the
security in E-Commerce
50% of all small to midsized e-businesses were
hacked in 2003, a study reported by Gartner Inc.
According to CERT (Computer Emergency Response
Team: http://www.cert.org), a total of 82,094 incidents
reported in 2002; however, this number was doubled
in 2003
An incident may include a hacker attack; computer
virus; an e-crime; and a fraud
CERT reported that 2003 E-Crime Losses Estimated
At $666 Million
Therefore, all of e-businesses must take the
necessary steps to ensure that adequate levels of
security are in place
The considerations in developing a
security plan
Access control of your website by a firewall
Authorization to bind the identification of an
individual to a specified message or
transaction
Data privacy and integrity to ensure that
communications and transactions remain
confidential and accurate
The security architecture of the website
Limit outside access by using:
– Firewall
– User account login
– Software security
– Additional protection for sensitive data
Protect your Web server
– Hacker resistance
– Antivirus software
Implement monitoring and analysis solutions
– Who and what is connecting to your systems
The security architecture of the
website (continue)
– Log analysis reports
– Site traffic analysis and statistic reports
Encryption
– Use of encoding algorithms to construct an
overall mechanism for sharing sensitive data
Use of a Web hosting service
– May provide professional staff and latest
technology for the protection of your website
with a low cost
– http//www.google.com
Identify and analyze the common
website security measures
Routers
– How routers work?
Firewalls
– How firewall works?
Disable Nonessential services
User account security
– Authentication: verify that you are who you claim to
be
– Authorization: What a user is allowed to do
Identify and analyze the common
website security measures (continue)
Data confidentiality
– Only authorized people can view data transferred
in networks or stored in databases
– Methods include:
Put the data on a separate server behind a firewall
Give a database or database server its own security
subsystem and user authentication
Restrict the number of user accounts that can
read/write the data
Separate write data from read data
Encrypt the data and control access to the encryption
key
Identify and analyze the common
website security measures (continue)
Content security
– The most common reported problem in website security is
website defacement (breaks its look) and sabotage (damage
the content of the website)
– According to London security consultancy mi2g Ltd., website
defacements totaled 20,371 in the first half of 2002, up 27
percent from the 16,007 recorded in the same period the
year before
– An intermediate or development server may be installed to
ensure the security before the contents of the website are
uploaded to the actual Web server
– The security software may be installed to such server to
ensure that your site’s content is staged and preserved
before the deployment
– Such software also logs the incident and send an alert to the
website’s administrator
Identify and analyze the common
website security measures (continue)
Monitoring your website
– Monitor your logs for break ins or after the attacks
– Run a security analysis program for the weakness
or potential security problem of your website
– Perform security audits with an outside auditor
– Back up your website files on a scheduled basis
Credit card security
– Most online purchase transactions are encrypted
using the Security Sockets Layer (SSL); therefore,
online purchases are no more dangerous than
credit card purchases made in the physical world
Identify and analyze the common
website security measures (continue)
– All credit card transactions should meet the
standard called SET (Security Electronic
Transactions)
– SET encrypts a credit card information so that the
designated banks and credit card companies can
read the data
– Term “e-wallet” refers to the software that allows
credit card transactions more secure
– Some popular websites offering e-wallets include:
http://www.passport.com
http://www.iliumsoft.com
http://www.gator.com/home2.html
Identify the website security resources
Some websites providing good and reliable security
information include:
–
–
–
–
–
–
http://www.cisco.com/warp/public/cc/so/neso/sqso/index.shtml
http://www.microsoft.com/security/default.mspx
http://www.sun.com/security
http://www.ciac.org/ciac (Computer Incident Advisory)
http://www.fedcirc.gov (Federal Incident Response Capability)
http://www.alw.nih.gov/Security (Advanced Laboratory Workstation
System)
– http://www.cert.org (CERT - Computer Emergency Response Team)
Considerations in website management
and maintenance
The establishment, management, and
maintenance of a website requires a significant
investment of time and resources on your part
The best approach is to start with the basics:
– Design your website for ease of modification
– Avoid sloppy formatting, numerous images, and
superfluous links on every page
– Know who will maintain and update the website and
have more than one person that can easily step in
and take control
Considerations in website management
and maintenance (continue)
Avoid simple but common errors:
– Navigation breakdown
– Links breakdown
– A web page too long
– Too many graphics
– No updating
Example: date of copyright; old contact info
Considerations in website management
and maintenance (continue)
Link management
– According to statistic report by the author, the
average website has one page in every four
containing a broken link
– You have to check these links regularly and update
or delete them when the links are inaccurate
– There are some link management software
available to discover the broken links, investigate
their causes, and repair them; some of them
provide content analysis as well:
ChangeAgent
CyberSpyder Link Test
Link Checker Pro
Linkscan
Hardware and infrastructure
maintenance (continue)
Hardware and infrastructure Maintenance
– The total “end-to-end” performance of the website’s
infrastructure must be understand and analyzed in
order to ensure that it delivers the performance
demanded by today’s web customers
– Many companies provide software packages to
perform such analysis and maintenance:
NetMechanic
TIDF Maintenance Repair Shop (Data backup and
recovery)
Example of an infrastructure maintenance service
contract
Questions and Discussion
Homework for Extra Points
Describe what are the most important
security issues and considerations in an ebusiness today?
Describe what is hardware and infrastructure
maintenance. For a large e-business
cooperation, what method would you like to
employ for such maintenance and why? It’s
better to use some examples in China to
support your points
Due: Wednesday, April 13, 2005 in the class
Related documents
Incident management process model vs Resilience Management Model
Incident management process model vs Resilience Management Model
Cristine Hoepers is a Senior Security Analyst and General Manager... CERT.br, the Brazilian National CERT, maintained by NIC.br, from the
Cristine Hoepers is a Senior Security Analyst and General Manager... CERT.br, the Brazilian National CERT, maintained by NIC.br, from the
What is CERT?
What is CERT?
Document14393968 14393968
Document14393968 14393968
Business License Change Request
Business License Change Request
How we raised awareness on information security in Slovenia
How we raised awareness on information security in Slovenia
Who is doing What in Cybersecurity ? the Tunisian experience Belhassen ZOUARI,
Who is doing What in Cybersecurity ? the Tunisian experience Belhassen ZOUARI,
Implementing a National Strategy : the case of the Tunisian CERT
Implementing a National Strategy : the case of the Tunisian CERT
RFC 2350 Description for CERT-EE
RFC 2350 Description for CERT-EE
Link - Physics Teacher
Link - Physics Teacher
Degrees and Certificates Awarded by Program STUDENT PERFORMANCE 2008-09
Degrees and Certificates Awarded by Program STUDENT PERFORMANCE 2008-09
Writs of certiori (writs of cert)
Writs of certiori (writs of cert)
Critically incident technique The Critical Incident Technique (or CIT
Critically incident technique The Critical Incident Technique (or CIT
Business Planning Questions
Business Planning Questions
atTRACTIVE CHOICES FOR STUDENTS: ANATOMY OF
atTRACTIVE CHOICES FOR STUDENTS: ANATOMY OF
信息安全概述(An Overview of Information Security)
信息安全概述(An Overview of Information Security)
NAVIGATION - City of Dallas
NAVIGATION - City of Dallas
Do you want to know what you can do to Class Registration
Do you want to know what you can do to Class Registration
Supplier Quality Improvement Certification Package
Supplier Quality Improvement Certification Package
US‐CERT A CSIRT Process Model for  Improving Information Sharing & 
US‐CERT A CSIRT Process Model for  Improving Information Sharing & 
Degrees and Certificates Awarded by Program STUDENT PERFORMANCE 2008-09 2009-10
Degrees and Certificates Awarded by Program STUDENT PERFORMANCE 2008-09 2009-10
Degrees and Certificates Awarded by Program STUDENT PERFORMANCE 2010-11
Degrees and Certificates Awarded by Program STUDENT PERFORMANCE 2010-11
Download
advertisement