General Concerns on WWW Security

• Name: Huaying Chen
• ID# 104714
• Instructor: Dr Mort Anvari
What security risks?
• Bugs or misconfiguration problems in the Web servers
• Browser-side risks
• Network eavesdropping
Problems with specific servers
• 1. Windows NT servers
• 2. Unix server
Netscape servers
• 3. Macintosh server WebStar
Are there secure OS & Web servers?
• NO
• Some OS are more secure to use as platforms for Web than others
• Some Web server software programs are more secure than others
• Conclusion: More extensibility, less security
Running a Secure server
• 1. Build firewalls
• place the Server INSIDE the firewall
• place the Server OUTSIDE the firewall
  - use the Server as the ‘sacrificial lamb’ to protect the entire inner network
Server INSIDE the firewall
[Diagram: the Server and the other hosts are inside the FIREWALL, which separates them from the OUTSIDE]
Server OUTSIDE the firewall
[Diagram: the other hosts are behind the firewall; the server is on the other side of the firewall, toward the OUTSIDE]
Server side Security
• Enforce access restrictions
• a. By IP address or domain name
• b. By user name & password
• c. Encryption using public key cryptography
Client side Security
• a. Clear cache of your browser after visiting secure sites
• b. Improving password
• c. Make backup copies of important files
Password confidentiality
• 1. Combine characters with numbers
• 2. Change password regularly
• 3. Use a unique password for each system
• 4. Don’t write down password
• 5. Don’t store password on the computer
Summary
• No computer OS is completely secure. As a result, the joint effort of the Web servers and the clients is required to make the system increasingly difficult to compromise.