Web and website security
Web security is a branch of computer security specifically related to the Internet. It often involves browser security, but also network security at a more general level as it applies to other applications or to operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an insecure channel for exchanging information, which leads to a high risk of intrusion or fraud, such as phishing. Different methods are used to protect the transfer of data, including encryption and from-the-ground-up secure engineering.
Threats
1. Malicious software
2. Denial-of-service attacks
3. Phishing
4. Application vulnerabilities
Remedies
1. Network layer security
2. Internet Protocol Security (IPsec)
3. Security token
4. Electronic mail security
4.1 Background
4.2 Pretty Good Privacy (PGP)
4.3 Multipurpose Internet Mail Extensions (MIME)
4.4 Message Authentication Code
5. Firewalls
5.1 Role of firewalls in web security
5.2 Types of firewall
5.2.1 Packet filter
5.2.2 Stateful packet inspection
5.2.3 Application-level gateway
5.6 Browser choice
Internet security products
1. Antivirus
2. Password managers
3. Security suites
Network security
Network layer security
TCP/IP protocols may be secured with cryptographic methods and security protocols. These include Secure Sockets Layer (SSL), succeeded by Transport Layer Security (TLS), for web traffic; Pretty Good Privacy (PGP) for email; and IPsec for security at the network layer.
Firewalls
A computer firewall controls access between networks. It generally consists of gateways and filters, which vary from one firewall to another. Firewalls also screen network traffic and are able to block traffic that is dangerous. A firewall can additionally act as an intermediary (proxy) server for SMTP and Hypertext Transfer Protocol (HTTP) connections.
Role of firewalls in web security
Firewalls impose restrictions on network packets entering and leaving private networks. All incoming or outgoing traffic must pass through the firewall, and only authorized traffic is allowed through. Firewalls create checkpoints between an internal private network and the public Internet, also known as choke points (borrowed from the identical military term for a geographical feature that limits combat). A firewall can enforce a choke point based on the source IP address and the TCP port number of each packet. Firewalls can also serve as the platform for IPsec; using its tunnel mode, a firewall can be used to implement VPNs. Finally, firewalls can limit network exposure by hiding the internal network's systems and information from the public Internet.
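The choke-point behaviour just described (first-matching rule on source address and TCP destination port, with everything else denied) can be shown with a small packet-filter evaluator. This is an added example written for this article, not code from the article's original source; the rule set and the sample packets are constructed for illustration and do not describe any real deployment.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network     # source network the rule matches
    dst_port: Optional[int]        # TCP destination port; None matches any port
    action: str                    # "allow" or "deny"

# Constructed rule set for a choke point in front of an internal server.
# Rules are evaluated top to bottom; the first match wins, so the deny for
# the blocked source range must come before the broad "allow from anywhere" rules.
RULES = [
    Rule(ipaddress.ip_network("192.0.2.0/24"), None, "deny"),   # blocked source range (documentation prefix)
    Rule(ipaddress.ip_network("10.0.0.0/8"), 22, "allow"),      # SSH only from the internal network
    Rule(ipaddress.ip_network("0.0.0.0/0"), 443, "allow"),      # HTTPS from anywhere
    Rule(ipaddress.ip_network("0.0.0.0/0"), 25, "allow"),       # SMTP from anywhere
]

def decide(rules, src_ip, dst_port):
    """Return 'allow' or 'deny' for one packet.

    Anything not explicitly allowed by a rule is denied (default deny),
    which is what makes the firewall a choke point rather than a sieve.
    """
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if ip in rule.src and (rule.dst_port is None or rule.dst_port == dst_port):
            return rule.action
    return "deny"

def filter_packets(rules, packets):
    """Evaluate a list of (src_ip, dst_port) tuples and return the decision for each."""
    return [(src, port, decide(rules, src, port)) for src, port in packets]

# Constructed sample traffic (src_ip, dst_port).
SAMPLE_PACKETS = [
    ("10.1.2.3", 22),        # internal host to SSH: allowed
    ("198.51.100.7", 22),    # external host to SSH: no matching allow, default deny
    ("198.51.100.7", 443),   # external host to HTTPS: allowed
    ("192.0.2.5", 443),      # blocked range, even to HTTPS: denied by the first rule
    ("10.1.2.3", 3306),      # internal host to a database port: not exposed, denied
]

if __name__ == "__main__":
    for src, port, action in filter_packets(RULES, SAMPLE_PACKETS):
        print(f"{src:>15} -> tcp/{port:<5} {action}")
```

Rule order matters: moving the deny rule for 192.0.2.0/24 below the "allow 443 from anywhere" rule would silently let that range reach HTTPS, which is why production rule sets are reviewed in the order the firewall actually evaluates them.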
Operating System and Web Server security
In order to keep your operating system secure:
1- First, choose a trusted and supported operating system.
2- Keep your operating system up to date.
3- Keep your system monitored and make sure all system events are logged.
4- Enable your operating system's firewall.
5- Set up security software if it is available.
6- Always make regular backups of important files.
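Step 3 (keep the system monitored and log all events) is only useful if someone, or something, reads the logs. As an added example for this article, not code from its original source, the following script parses a few constructed sshd log lines in syslog format, counts failed logins per source address, and flags sources that exceed a threshold. The log lines, hostnames and addresses are made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines in the usual sshd/syslog layout (not from a real host).
SAMPLE_LOG = """\
Mar  4 10:01:12 web01 sshd[2301]: Failed password for root from 198.51.100.23 port 51122 ssh2
Mar  4 10:01:15 web01 sshd[2301]: Failed password for root from 198.51.100.23 port 51130 ssh2
Mar  4 10:01:19 web01 sshd[2303]: Failed password for invalid user admin from 198.51.100.23 port 51140 ssh2
Mar  4 10:02:02 web01 sshd[2310]: Accepted publickey for deploy from 10.0.0.5 port 40012 ssh2
Mar  4 10:03:44 web01 sshd[2315]: Failed password for deploy from 10.0.0.9 port 40100 ssh2
"""

# "invalid user" appears when the account does not exist; the username still follows it.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port (\d+)")

def failed_logins_by_source(lines):
    """Group failed password attempts by source IP.

    Returns {source_ip: {"failures": count, "users": sorted list of usernames tried}}.
    Lines that are not failed-password events (successful logins, other daemons) are ignored.
    """
    summary = defaultdict(lambda: {"failures": 0, "users": set()})
    for line in lines:
        m = FAILED_RE.search(line)
        if not m:
            continue
        user, src, _port = m.groups()
        summary[src]["failures"] += 1
        summary[src]["users"].add(user)
    return {src: {"failures": v["failures"], "users": sorted(v["users"])} for src, v in summary.items()}

def flag_sources(lines, threshold=3):
    """Return source IPs with at least `threshold` failed logins, most failures first."""
    summary = failed_logins_by_source(lines)
    flagged = [src for src, v in summary.items() if v["failures"] >= threshold]
    return sorted(flagged, key=lambda s: -summary[s]["failures"])

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for src, info in failed_logins_by_source(lines).items():
        print(f"{src}: {info['failures']} failed logins, users tried: {', '.join(info['users'])}")
    print("flagged:", flag_sources(lines))
```

On a real host the same logic would read from the system log (or a log shipper) instead of the embedded sample, and the threshold would be tuned to the host's normal traffic so that a single mistyped password does not generate an alert.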
Database security
Database security concerns the use of a broad range of information security controls to protect databases (potentially including the data, the database applications or stored functions, the database systems, the database servers and the associated network links) against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic within the broader realms of computer security, information security and risk management.
Security risks to database systems include, for example:
1. Unauthorized or unintended activity or misuse by authorized database users, database administrators, or network/systems managers, or by unauthorized users or hackers (e.g. inappropriate access to sensitive data, metadata or functions within databases, or inappropriate changes to the database programs, structures or security configurations).
2. Malware infections causing incidents such as unauthorized access, leakage or disclosure of personal or proprietary data, deletion of or damage to the data or programs, interruption or denial of authorized access to the database, attacks on other systems, and the unanticipated failure of database services.
3. Overloads, performance constraints and capacity issues resulting in the inability of authorized users to use databases as intended.
4. Physical damage to database servers caused by computer room fires or floods, overheating, lightning, accidental liquid spills, static discharge, electronic breakdowns/equipment failures, and obsolescence.
5. Design flaws and programming bugs in databases and the associated programs and systems, creating various security vulnerabilities (e.g. unauthorized privilege escalation), data loss/corruption, performance degradation, etc.
6. Data corruption and/or loss caused by the entry of invalid data or commands, mistakes in database or system administration processes, sabotage/criminal damage, etc.
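The "programming bugs in the associated programs" risk above most often shows up as user input being pasted into a query string, so that the input can change the query's structure rather than just its values. The following added example (written for this article, not taken from its source) puts a vulnerable lookup beside its hardened, parameterized form against a constructed SQLite table, so the difference can be observed directly. Table contents and inputs are made up for the example.

```python
import sqlite3

def make_db():
    """Create an in-memory database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("o'brien", "obrien@example.com")],   # a legitimate name containing a quote
    )
    return conn

def lookup_unsafe(conn, username):
    """Vulnerable: the input is concatenated into the SQL text, so it is parsed as SQL."""
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, username):
    """Hardened: the input is bound as a parameter and never parsed as SQL."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()

def unsafe_lookup_breaks(conn, username):
    """True if the concatenating version fails on this input (e.g. an ordinary quote)."""
    try:
        lookup_unsafe(conn, username)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    conn = make_db()
    print("safe, normal name:      ", lookup_safe(conn, "alice"))
    print("safe, name with quote:  ", lookup_safe(conn, "o'brien"))
    print("unsafe, name with quote breaks:", unsafe_lookup_breaks(conn, "o'brien"))
    # The same structural flaw that breaks on a quote also lets input widen the WHERE clause.
    probe = "x' OR '1'='1"
    print("unsafe rows for probe:  ", len(lookup_unsafe(conn, probe)))
    print("safe rows for probe:    ", len(lookup_safe(conn, probe)))
```

The hardened version is also the one that behaves correctly for ordinary data: the concatenating version cannot even look up a user whose name contains an apostrophe, which is the first symptom a developer usually notices. Parameterized queries should be combined with least-privilege database accounts so that a bug elsewhere cannot read or alter more than the application needs.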
Software security
Software security is the practice of designing and developing software so that it is secure against outside security threats: making sure that the software does not have security holes that allow unauthorized access to the software system.