you're reading...
IT, Security

Web Security


You’ve got Internet access and perhaps you’ve opened it up to others.

  • Perhaps the family
  • Perhaps a friend next door
  • Perhaps your a corporation with access enabled to all you employees
  • Perhaps only a few
  • Perhaps you’ve squirrelled it away all to yourself

Whatever the scenario you seriously need to consider what access is available. Even to you.
I hope this to be a short series that discusses Web Security. As ever any comments are welcome.

The Web has been the largest source of information available to the public for some considerable period of time. For this reason the Web cannot be ignored, either by the family or the corporation: Simple easy access to almost any question is but moments away.
But this must be weighed against the malevolent or even simply inappropriate (defined by context) material out there.
Firstly we all need to protect ourselves: our data, software and the very systems we use. Some very large web service providers have been attacked, spoofed or even hacked in such a way as to leave us, their clients, exposed to attack ourselves.
Simply opening a web page can result in data being lost or, more accurately, stolen. Credit card details are the huge target a lot of this activity is aimed at.
This means that our web browsing requires as much protection as our email. No one would want email without some sort of antivirus or anti-spam and the same should also always be in our minds with web access.
It is entirely subjective: what is or is not appropriate for the users of a particular Internet connection to do or see (even hear). Most people, I hope, would agree that there is ‘dodgy’ stuff out there. We need to consider our audience and then we can come to a decision. Protecting children is the obvious one but corporations should never forget their Duty of Care.
If you own or provide access to the web/Internet then you should be aware that you are/could be responsible for the data that is carried across the networks you provide.
Additionally, employers have a duty of care to their employees. Like parents with children, employers should protect their staff and that includes from each other.
The classic example:
A site accessed by one individual causes extreme offence to another. If the information accessed can be construed as “inappropriate” then the employer has failed to protect the offended party.
I am not a lawyer so the limits of liability in these matters is not known to me but the issue cannot be ignored. I have seen this raised within open environments on several occasions.
Yep, we all make mistakes. It is inevitable that eventually we would simply click the wrong thing, access the wrong site and then all hell (could) breaks loose.
When a senior (parent/employer) enforces a banning policy on a junior (child/employee) this often gets confused with molly-coddling; but (without it) if they “accidentally” access something from “The Dark Side” they could end up in a lot of trouble. Remember that some elements of the Internet are actually illegal and it is not always easy to tell what you are accessing until you open the page and then it is simply too late.
Unlikely to be an issue in the home but Corporations pay vast amount of money for their Internet access. Protecting that resource and ensuring that business process reliant upon it are not impacted is essential. Business Internet access tends to be (far) more expensive, smaller and used by more people than home access and is thus harder to manage.
The Home may get a connection rated as 20Mbps but many business use just 2Mbps for as many as several dozen users, perhaps more.
Corporations pay to access ‘uncontended’ or ‘guaranteed’ services. The standard home package looses speed as all your neighbours access the Internet, this isn’t normally the case for business but they really pay through the nose for it.
Add into that the corporations own web services, customer support and vendor systems and your business process is now reliant on that Internet access for simple day-to-day processes.
Non-business access by employees can now disrupt the business far more frequently and effectively than hacks, denial of service attacks or the like.
A small example:
A typical business line is 2Mbps. An audio stream (radio over the Internet) is 48kbps some are as high as 250kbps. So that is between 2% and 10% of the bandwidth gone. It doesn’t take many audio streams to disrupt the business.
Worse still is the streaming video, regularly over 768kbps. A single video stream can disrupt a business branch.
Large software downloads can use all of the available bandwidth, even on the large connections used by the largest companies, causing total loss of service to everyone else.

So what can we do?
What’s the solution?
Well, there isn’t any single solution. In fact your own moral code and trust levels will play an important part of the decision making process.
Over the coming articles though I will lay out my thoughts on the issue. Next is the simplest solution of all. I’m sure you have your own comments and thoughts. Feel free to post.

– Posted using BlogPress from my iPhone

About harlekwinblog

"Thoughts of an idle mind." Information Security professional.


No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: