
Web Design & Development: Security



Presentation Transcript


  1. Web Design & Development: Security
  By Trevor Adams

  2. Topics Covered
  • About security
  • Why bother?
  • Security Policy
  • Attacks
    • Intrusion
    • Denial of Service
  • Attackers
  • Basics
  • Protecting your mark-up!
  • Hosting
  • Web Site

  3. Security – Why Bother?
  • Why do we need to think about security?
  • Would it not limit your freedom of speech?
  • “They don’t wish to read my stuff, I am not bothered about theirs!”

  4. Security – Why Bother?
  • BUT!
  • Society has rules!
  • Without them, society breaks down
  • “They do want to read my stuff and I am, to tell the truth, interested in theirs!”

  5. Security – Why bother?
  • So we have an obvious conflict…
  • Freedom of speech or invasion of privacy?
  • Private information on a public network
  • Boring information or access to secrets?
  • This is all security!

  6. Security Policy
  • Often developed without realising it
  • “I do not bother, I have nothing I need to protect. Anyone can use anything, I really do not care!”
  • This is a security policy: Do Nothing
  • Which can be completely valid if it fits

  7. Security - Trust
  • Before considering the Internet or the web, let’s consider trust
  • Everyday life
  • Most of the world is built on trust
  • A thoroughly strange concept
    • Credit Cards
    • Chairs
    • Taxi Drivers
    • The humble fiver is actually just an IOU

  8. Security - Attacks
  • There are many types of attacks
  • Three common types:
    • Intrusion
    • Denial of Service
    • Information Theft
  • We shall look briefly at these

  9. Security - Intrusion
  • The most common form of attack (unofficially)
  • The attacker is able to use resources belonging to you
  • Most attackers try to use the resources as though they were legitimate
  • Known as masquerading

  10. Security – Denial of Service
  • Aimed at preventing use of your own resources
    • Overloading a web site
    • E-mail bombing
  • Used a lot on the web
  • Easy to do
  • Very little real defence
  • Blackmail, server ransom etc.
  • Occasionally accidental
    • Holiday mail messages, for example?

  11. Security – Attackers
  • Deliberate attacks might come from these types of attacker:
    • Joy riders – bored people amusing themselves
    • Vandals – out to damage the public net
    • Score Keepers – geek bragging rights
    • Spies – industrial or otherwise
    • Stupidity or accident – usually naiveté

  12. Security - Prevention
  • This is a tough topic to cover without going into some scary science
    • Anti-virus software – against information theft and intrusion
    • Network firewalls – against intrusion
    • Security policy – general assistance
  • Toughest attack to defend against: Denial of Service
    • Difficult to defend against over-use of a service on a public network
  • In the end you have to cover every possibility
  • Attackers only have to find one exploit!

  13. Security and WDD
  • We have to cover all this?

  14. WDD and Security
  • The topics introduced are complex
  • Most could encompass a degree in their own right
  • So what about us? We do HTML, right?
  • All of the aforementioned topics are worth knowing about
    • Some of the topics are for network engineers
    • Some are for programmers
  • However, it is everyone’s responsibility!

  15. Basics
  • To some, security is seen as an exotic topic
    • Fun, exciting and cutting edge!
    • This might be true… (anyone seen Swordfish?)
  • In reality it starts in a more mundane manner
    • Personal procedures
    • Personal computer protection
    • Good personal security policy

  16. Web sites as a public face
  • Your web site is a public face
    • Whether personal, commercial or otherwise
    • It is put up in the world for everyone to see
  • There are various reasons why people want to mess it up
  • You cannot stop them trying
  • However, you should not make it easy for them

  17. Protect your own mark-up
  • You create your web sites locally for upload later
  • Take care of your own files
    • Don’t upload modified versions
    • Viruses and worms are notorious for modifying files without the user’s knowledge
  • Good common sense
    • Strong password policy
    • Up-to-date security software – firewalls, anti-virus
    • Limited access to shared files
    • Do not run your computer as Administrator just to type!

  18. Hosting
  • Hosting your web site on a reliable provider is a must
  • You need that all-important TRUST
  • They should provide a service level agreement upon request
    • Help you with Denial of Service attacks
    • Make back-ups on your behalf
  • This is why you pay for hosting
    • Relieves the technical issues of running your own web server
  • Change your FTP password regularly
    • FTP is a plain-text protocol
    • Where possible, use Secure Sockets Layer (SSL)

  19. Your web site
  • We have only touched the surface of server-side technology
  • However, it is worth understanding how your own web site can be the problem
  • The best host in the world cannot protect against poor web site development

  20. Your web site
  • Any web site that ventures past plain HTML opens itself to be prodded by ‘no-gooders’
  • Web applications lack the control of desktop applications
    • You have no control over who posts to your form
    • Form submissions could come from pages that you have not designed
  • Code your pages to be hardened against malformed posts
  • Do not process user input as though it is automatically trusted
  • Many of these techniques will become more apparent if you continue to study web development and applications
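The point of this slide is that the server cannot assume a submission came from the form you wrote: fields may be missing, repeated, renamed, over-long or contain mark-up. Below is an added example (not from the presentation) of a server-side check for a hypothetical contact form: it accepts only the fields it knows, rejects anything else, and escapes what it echoes back. The field names and limits are assumptions.

```python
import html
from urllib.parse import parse_qs

# Hypothetical contact form. Field name -> (required, max length, multi-line allowed).
# Anything not listed here is rejected, whatever the client-side form looked like.
ALLOWED_FIELDS = {
    "name": (True, 60, False),
    "email": (True, 254, False),
    "message": (True, 2000, True),
    "age": (False, 3, False),
}
MAX_BODY_BYTES = 8192


def validate_post(raw_body: bytes) -> tuple[dict, list[str]]:
    """Parse a URL-encoded POST body; return (accepted fields, errors). Any error rejects the post."""
    if len(raw_body) > MAX_BODY_BYTES:
        return {}, ["body too large"]
    try:
        fields = parse_qs(raw_body.decode("utf-8"), keep_blank_values=True)
    except UnicodeDecodeError:
        return {}, ["body is not valid UTF-8"]
    errors = [f"unexpected field: {k}" for k in fields if k not in ALLOWED_FIELDS]
    clean = {}
    for key, (required, max_len, multiline) in ALLOWED_FIELDS.items():
        values = fields.get(key, [])
        if len(values) > 1:  # a hand-built request can repeat a field; never silently pick one
            errors.append(f"field repeated: {key}")
            continue
        value = values[0].strip() if values else ""
        if not value:
            if required:
                errors.append(f"missing field: {key}")
            continue
        if len(value) > max_len:
            errors.append(f"field too long: {key}")
        elif not multiline and ("\n" in value or "\r" in value):
            errors.append(f"line breaks not allowed in: {key}")
        elif key == "age" and not value.isdigit():
            errors.append("age must be digits")
        elif key == "email" and (value.count("@") != 1 or value.startswith("@") or value.endswith("@")):
            errors.append("email must look like local@domain")  # basic sanity, not full RFC validation
        else:
            clean[key] = value
    return clean, errors


def render_confirmation(clean: dict) -> str:
    """Echo accepted values back as HTML, escaped so any mark-up a visitor typed is shown as text."""
    rows = "".join(f"<li>{html.escape(k)}: {html.escape(v)}</li>" for k, v in clean.items())
    return f"<ul>{rows}</ul>"
```

The same checks apply however the request was produced, so a post from a page you never designed gets no more trust than one from your own form.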

  21. Summary
  • Security is a vast, interesting topic
    • Think about how it impacts so many areas of your life and society at large!
    • Computing security is a small part of security as a topic
  • Understand how private data on a public network is an odd contradiction
  • Security by obfuscation will not last forever
    • Just because it’s not obvious does not mean nobody will find it!
  • Take good steps and procedures to do your part
    • Protect your own work as best you can
    • Do not leave the door wide open to information theft