Skip to main content

Posts

Showing posts from November, 2007

Simplifying Web Security

There are a bunch of Blog posts on 11/11 Cyberattack.... Threats like these help in understanding the pains and gains of planning/deploying effective web security measures.... The fundamental principles of Security - confidentiality, integrity and availability need to drive the decision making process....for securing Web Properties(Portals, ecommerce and business websites) In my opinion, the defences need to be created at every level of the infrastructure....the key layers being: Hardware ======= Network Storage Servers Appliances Software ======= Operating System Webserver Application server Database server Special appliance firmware/os The typical threats are centered around increase in load (DoS/DDoS), compromising data (sql injection or Web server exploits) and compromising Authentication/Authorization methods. A simple approach to deal with most of the issues is by using a 3 step approach: 1. Improve application security - Application security is turning from art form to more exac...