Best Practices for Web 2.0 Security

Updated: August 20, 2012

Web-based applications give employees, customers and business partners access to a variety of useful software services that can be easily updated. The technology also provides access to a central business resource — the Web server — and through it, the ability to tap into other key information assets, such as database servers.

The downside is that Web applications are vulnerable to both internal and external threats. Fortunately, by understanding and implementing proper security measures, a business can guard precious IT resources from Web-based attacks while providing a secure environment for Web-application users. Here's a rundown of the Web 2.0 security best practices you need to be aware of.

Encryption: Since data usually passes over the Web in the clear, high-quality encryption will ensure that valuable data can't be intercepted and exploited by unauthorized parties. Unfortunately, many businesses still don't encrypt their data, mistakenly believing that the process is too difficult, time-consuming or expensive, not to mention that it degrades performance. Such businesses need to realize that modern data-encryption technologies are easy, fast and inexpensive. Additionally, today's high-speed CPUs can easily handle data encryption on the fly.

Weak Validation: Interactive Web applications are highly vulnerable to user-input validation attacks. Web applications that fail to perform thorough validation of user-input screens pave the way for attacks on the Web server and connected resources. Shutting down this vulnerability requires a complete examination of all internal and external Web applications to uncover potential validation weaknesses.
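As an added illustration of the validation point above (example code written for this page, not from the original article), the block below shows an input handler in its unvalidated form beside a hardened one. The account-name pattern, the in-memory SQLite table and the sample names are constructed assumptions; the lesson is that unvalidated input reaches the "connected resource" as part of the SQL statement, while allowlisting plus parameter binding keeps it as plain data.

```python
import re
import sqlite3
from typing import List

# Allowlist for an account name: letters, digits, underscore, 3 to 32 characters.
# This pattern is an assumption for the example; use what your application accepts.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")


def validate_username(value: str) -> bool:
    """Return True only if the whole input matches the allowlist."""
    return isinstance(value, str) and USERNAME_RE.fullmatch(value) is not None


def build_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a connected database server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_email_unvalidated(conn: sqlite3.Connection, name: str) -> List[str]:
    """'Before' form: the input is spliced into the SQL text, so a quote
    character supplied by the user changes the structure of the statement."""
    rows = conn.execute(f"SELECT email FROM users WHERE name = '{name}'").fetchall()
    return [r[0] for r in rows]


def lookup_email(conn: sqlite3.Connection, name: str) -> List[str]:
    """Hardened form: reject anything outside the allowlist, then bind the
    value as a parameter so the driver never interprets it as SQL."""
    if not validate_username(name):
        raise ValueError("invalid account name")
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()
    return [r[0] for r in rows]


def statement_altered(conn: sqlite3.Connection, name: str) -> bool:
    """Check helper: True if the unvalidated query can no longer be parsed,
    i.e. the input has become part of the SQL rather than a value."""
    try:
        lookup_email_unvalidated(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


def is_rejected(conn: sqlite3.Connection, name: str) -> bool:
    """Check helper: True if the hardened lookup refuses the input outright."""
    try:
        lookup_email(conn, name)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    db = build_db()
    print(lookup_email(db, "alice"))            # ['alice@example.com']
    print(statement_altered(db, "o'brien"))     # True: quote broke the statement
    print(is_rejected(db, "o'brien"))           # True: allowlist refused it
```

The single quote in `o'brien` is enough to break the unvalidated statement, which is exactly why it must be treated as data: the hardened path refuses it at the allowlist and would bind it as a parameter even if the allowlist were widened to accept apostrophes.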

Dangerous Configurations: Many businesses make the mistake of running Web servers within insecure default configurations. Examples are superfluous administrative tools, utilities placed in locations that attackers can easily detect, and unnecessary templates and samples that attackers can exploit. It's important to check for the presence of these items and to either remove or reconfigure them.

Data Storage: When business owners, managers and network administrators think about Web-application security, their first thought is usually about critical company data flowing across unprotected networks. But data is also at risk when it sits unprotected on a storage device. That's why it's crucial to store all Web-application data on protected servers. Disk-based encryption is also a must. Another necessary step is to ensure that temporary files don't inadvertently become permanent, allowing attackers to steal and exploit critical company data. In other words, check to see that your applications are automatically cleaning up after themselves.
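The "cleaning up after themselves" check above, as an added example that is not part of the original article: a scratch-file handler that leaks its temporary file is placed beside one that removes its scratch directory on exit, and a small audit function reports what each leaves behind. The `upload-` prefix, the sandbox directory and the sample payload are constructed for the example.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple


def process_upload_leaky(payload: bytes, directory: str) -> str:
    """'Before' form: a scratch file created with mkstemp is written and then
    forgotten, so it remains on disk after the request has finished."""
    fd, path = tempfile.mkstemp(prefix="upload-", dir=directory)
    with os.fdopen(fd, "wb") as f:
        f.write(payload)
    return path


def process_upload(payload: bytes, parent: Optional[str] = None) -> Tuple[int, str]:
    """Hardened form: scratch space lives in a TemporaryDirectory, which is
    removed when the 'with' block exits, whether processing succeeds or raises.
    Returns (bytes processed, path of the scratch directory that was used)."""
    with tempfile.TemporaryDirectory(prefix="upload-", dir=parent) as scratch:
        tmp_file = Path(scratch) / "payload.bin"
        tmp_file.write_bytes(payload)
        # Stand-in for real processing: read the file back and count its bytes.
        size = len(tmp_file.read_bytes())
    return size, scratch


def leftover_scratch(directory: str, prefix: str = "upload-") -> List[str]:
    """Audit helper: names under `directory` that still carry the scratch prefix."""
    return sorted(name for name in os.listdir(directory) if name.startswith(prefix))


def audit_scratch_handling(payload: bytes) -> Dict[str, object]:
    """Run both forms inside a fresh sandbox and report what each leaves behind."""
    with tempfile.TemporaryDirectory() as sandbox:
        size, scratch = process_upload(payload, parent=sandbox)
        clean_leftovers = leftover_scratch(sandbox)      # expected: nothing
        leaked = process_upload_leaky(payload, sandbox)
        leaky_leftovers = leftover_scratch(sandbox)      # expected: the leaked file
    return {
        "bytes_processed": size,
        "clean_scratch_removed": not os.path.exists(scratch),
        "clean_leftovers": clean_leftovers,
        "leaky_leftovers": leaky_leftovers,
        "leaked_basename": os.path.basename(leaked),
    }


if __name__ == "__main__":
    # Constructed sample upload.
    for key, value in audit_scratch_handling(b"constructed sample upload").items():
        print(f"{key}: {value}")
```

The same audit idea scales up: a periodic job that lists a server's scratch directories for files older than the longest legitimate request is a cheap way to catch handlers that have started leaking after a code change.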

Maintenance: The way a business handles its systems and operations can play a pivotal role in Web-application security. Testing and evaluating applications for potential weaknesses whenever they have been changed or updated is particularly important. Even more crucial is keeping Web servers current with the latest vendor-issued security patches and updates. Finally, if you haven't already done so, implement and maintain a security culture that makes the protection of data and end users a top priority.

Web-based applications can be as safe as — or even safer than — their traditional counterparts. Wall-to-wall Web-application security simply requires a commitment to follow a relatively small set of best practices.