10 Ways to Improve Web 2.0 Security

Updated: August 20, 2012

Web 2.0 promises many things, including innovative applications, imaginative data mashups, cost savings and reduced infrastructure overhead. But Web 2.0 also delivers something far less appealing: new security threats.

Protecting Web 2.0 services — and users — from online attacks should be the goal of any business that takes advantage of next-generation Web technologies. Here are 10 relatively painless steps any company can take to enhance its Web 2.0 security:

1. Educate your work force. Employees, particularly IT staffers, need to be aware of the threats posed by Web 2.0. Employee manuals, posters, newsletters, Web sites, interactive games and other media can all help spread the word and teach everyone to recognize and avoid Web 2.0 attacks.

2. Keep your computers up-to-date. Be sure to activate Microsoft Windows Update, Mac OS updates and updates for IM (instant messaging) programs, VoIP and other Web 2.0 applications. Patching closes the known holes that attackers rely on, and it is one of the simplest ways of keeping Web 2.0 vulnerabilities and online criminals at bay.

3. Install defenses. Consider deploying content-monitoring and filtering technology, URL filters, application controls and other tools that can block Web 2.0 threats. On the human side, establish an acceptable-use policy for Web 2.0 technology use and a blog oversight committee to manage blog threats. You should also determine how to deal with intellectual-property rights, trade secrets and other legal issues that arise with the use of Web 2.0 applications.

4. Weigh risks against benefits. It's easy to forbid employees from using Web 2.0 technologies, such as IM and social networks. But before doing so, determine the potential business benefits. You may be surprised to discover just how much Web 2.0 is already helping your business.

5. Check for Web-application vulnerabilities. Businesses that create their own Web 2.0 applications, links and tools often slap things together in a rush. Encourage developers to make intelligent design decisions and to examine their work, before it ships, for weaknesses an attacker could exploit.

6. Ban the use of sample code. Web 2.0 developers, pressed to create workable applications as quickly as possible, often resort to sample code as a ready-to-use solution for a specific programming challenge. The problem is that shared code can contain security weaknesses that may go unrecognized by the developer since he or she wasn't involved in its design.

7. Base security logic on the server. Many Web-based applications off-load security checks, such as input validation and access decisions, onto the client in order to boost loading and execution speeds. The problem with this approach is that the client is under the attacker's control: attackers are free to bypass it with their own software, or simply to craft the HTTP request by hand, and directly attack the unprotected server. Given the dire consequences that can result from such a scenario, it's better to be safe than fast: keep security on the server, and treat anything the client sends as untrusted.
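The following is an added example, written for this page and not taken from the article, that shows the failure mode step 7 describes and the server-side fix. It is plain Node.js with no framework: the "catalogue", the handlers and the three request bodies are all constructed for illustration. The browser-side check is the kind of validation a developer might rely on; the forged requests are what an attacker sends when they skip the browser entirely.

```javascript
// Added example (not the article's code): client-only security checks versus
// server-side ones. Everything below is constructed for illustration.

// Assumption: the authoritative price list lives on the server (prices in cents).
const CATALOGUE = { "sku-100": 1999, "sku-200": 4999 };

// What the browser's JavaScript does before submitting an order.
// An attacker never runs this code; they craft the HTTP request directly.
function clientSideCheckout(sku, qty) {
  if (!(sku in CATALOGUE)) throw new Error("unknown sku");
  if (!Number.isInteger(qty) || qty < 1 || qty > 10) throw new Error("bad qty");
  return { sku, qty, total: CATALOGUE[sku] * qty, validated: true };
}

// Insecure handler: trusts the client's arithmetic and its "validated" flag,
// so the server never checks anything itself.
function insecureOrderHandler(body) {
  if (!body.validated) return { status: 400, error: "not validated" };
  return { status: 200, charged: body.total, sku: body.sku, qty: body.qty };
}

// Hardened handler: ignores every value the client computed, re-validates each
// field with strict type checks, and re-derives the total from server-held data.
function secureOrderHandler(body) {
  const sku = typeof body.sku === "string" ? body.sku : null;
  const qty = Number.isInteger(body.qty) ? body.qty : NaN;
  if (sku === null || !(sku in CATALOGUE)) return { status: 400, error: "unknown sku" };
  if (!(qty >= 1 && qty <= 10)) return { status: 400, error: "bad qty" };
  return { status: 200, charged: CATALOGUE[sku] * qty, sku, qty };
}

// Constructed requests: one honest order produced by the browser code, and two
// forged bodies an attacker could POST after bypassing the browser.
const honestRequest = clientSideCheckout("sku-200", 3);
const forgedRequest = { sku: "sku-200", qty: 3, total: 1, validated: true };
const forgedNegative = { sku: "sku-100", qty: -5, total: -9995, validated: true };

// Runs every request through both handlers so the difference is visible side by side.
function demo() {
  return {
    insecureHonest: insecureOrderHandler(honestRequest),     // charged 14997
    insecureForged: insecureOrderHandler(forgedRequest),     // charged 1
    insecureNegative: insecureOrderHandler(forgedNegative),  // charged -9995 (a refund)
    secureHonest: secureOrderHandler(honestRequest),         // charged 14997
    secureForged: secureOrderHandler(forgedRequest),         // charged 14997, forged total ignored
    secureNegative: secureOrderHandler(forgedNegative),      // status 400, rejected
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The insecure handler accepts whatever total the request carries, so the attacker pays one cent for three items and can even turn an order into a refund. The hardened handler gets the same forged bodies and either recomputes the correct charge or rejects the request; the browser-side check can stay for usability, but it contributes nothing to security.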

8. Think like an attacker. Businesses that develop or modify Web 2.0 applications need to think like attackers. This means studying the latest attack methodologies, as well as the approaches other businesses are using to keep their Web 2.0 applications secure.

9. Stay on top of threats. Web 2.0 vulnerabilities are discovered frequently, so it's important to stay updated on the most recent findings. You can't count on Web 2.0 vendors and service providers to alert you to problems — you must be proactive. This means regularly checking applications and tools for weaknesses and studying the bulletins issued by major security vendors.

10. Run security audits. A security audit is always a good idea, but this task becomes even more critical as Web 2.0 applications pile up, creating new and often hidden vulnerabilities.
