Security and Access Control
If you are hosting your own server, physical security becomes an issue. You must protect the server from theft and vandalism, power outages, and voltage fluctuations. Keeping it in a locked room usually provides adequate physical protection, while surge protection, an uninterruptible power supply, and/or battery backup take care of the latter concerns. You must back up your data on a regular basis, preferably daily; backup tapes or other media should be stored in a secure location away from the server. The best strategy is to have at least two complete backup archives, with one kept in another building under lock and key.
Protecting your data and ensuring confidentiality require that you limit access to the Web server. Access control rests on two steps: authentication, which establishes who a user is (by means such as a password or a digital signature), and authorization, which determines what that user is permitted to see and do.
If an Internet site is intended for public consumption, confidentiality is usually not an issue, since the content is meant to be read by anyone; the server itself must still be protected from tampering. For extranets and intranets, however, security may be critical. Obviously, security is a matter of degree, and achieving a comfortable level of protection will vary from firm to firm. The measures required to ensure confidentiality, for example, may be quite different from those needed to protect electronic transactions. There, authentication may have to be augmented by nonrepudiation, which means that a particular act can be attributed to a specific person, for example, an architect signing off on a change order request or a subcontractor submitting a bid. With nonrepudiation, once a person enters into an agreement, they cannot repudiate it by claiming someone else authorized it.
A secure Web site requires an access plan. You will likely want to allow different levels of access to the site for different categories of visitors, including employees, clients, consultants, agencies, and contractors. You might provide read-only access to some classes of users, while others will be allowed to upload and download material. You might also organize the site into functional areas that allow users access to appropriate parts while restricting access to others. (You may not want that roofing contractor to read the owner-architect agreement.) Ken Sanders, of Gensler, said this about access control: “One thing we learned was: don’t reveal to people the information they can’t have access to. They should only see what they can have and not get a glimpse of what they’re not getting.” Otherwise, they may feel slighted by their exclusion.
Password Protection
A reasonable level of security can be obtained with a user name and password system. Most Web servers support this directly (it can also be implemented with a simple CGI script), and it is available to you even if you are not operating your own server, provided your ISP gives you this privilege. Under this system, you generate a small access file setting a user name and password for any folder or subfolder within your site. The file is then placed in the designated location on the server. Whenever someone tries to access a protected folder within your Web site, they are presented with a dialogue box requiring this user name and password. Note that the browser then sends the user name and password, only lightly encoded, with every request for that folder, so protected folders should be served over HTTPS (described below) if the content matters. Unless you are dealing with highly sensitive projects involving government or industrial secrecy, this level of security is probably adequate.
Access levels might be nested, that is, access to a deeper level of the Web site requires a second password. Such control is accomplished simply by creating a subfolder with another access file. You can change the user names and passwords whenever you wish or have reason to suspect that unauthorized users are attempting to access the protected area of the site.
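The following is an added example, not code from the original page, that models the per-folder access-file scheme just described (including nesting) rather than any particular Web server. A site tree is held in memory; each protected folder's dictionary stands for its access file and holds user names with salted password hashes, never plaintext passwords. All folder names, user names and passwords are constructed for illustration. A request must satisfy the access file of every folder on the way down to the requested file, so a deeper folder with its own access file demands a second credential.

```python
"""Per-folder access files with nested protection (added example)."""
import hashlib
import hmac
import os
import posixpath
from typing import Dict, Optional, Tuple

ITERATIONS = 100_000               # PBKDF2 work factor (assumed)

Entry = Tuple[bytes, bytes]        # (salt, derived key) stored for one user
Folder = Dict[str, Entry]          # one access file: user name -> entry
Site = Dict[str, Folder]           # protected folder path -> its access file


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash: a stolen access file does not give away passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def access_entry(password: str) -> Entry:
    salt = os.urandom(16)          # fresh salt per user, so equal passwords differ
    return salt, hash_password(password, salt)


def build_site() -> Site:
    """Constructed site: /projects is protected, and /projects/contracts
    carries a second access file of its own (nested protection)."""
    return {
        "/projects": {"alice": access_entry("arch-2nd-floor"),
                      "bob": access_entry("roof-deck-7")},
        "/projects/contracts": {"alice": access_entry("owner-agreement!")},
    }


def check_credential(folder: Folder, user: str, password: str) -> bool:
    entry = folder.get(user)
    if entry is None:
        hash_password(password, b"\x00" * 16)   # same cost for unknown users
        return False
    salt, stored = entry
    return hmac.compare_digest(hash_password(password, salt), stored)


def authorize(site: Site, path: str,
              creds: Dict[str, Tuple[str, str]]) -> Tuple[bool, Optional[str]]:
    """Walk from the site root down to `path`, checking each protected folder.

    `creds` maps a protected folder to the (user, password) offered for it,
    which is what a browser supplies after each dialogue box. Returns
    (allowed, folder that refused); the folder is None when allowed.
    """
    # Normalise first so "/public/../projects" cannot sidestep /projects.
    path = posixpath.normpath("/" + path.lstrip("/"))
    current = ""
    for part in path.split("/")[1:]:
        current = f"{current}/{part}"
        folder = site.get(current)
        if folder is None:
            continue                           # no access file here: open
        offered = creds.get(current)
        if offered is None or not check_credential(folder, *offered):
            return False, current              # a server would answer 401 here
    return True, None


if __name__ == "__main__":
    site = build_site()
    print(authorize(site, "/projects/plan.dwg", {"/projects": ("bob", "roof-deck-7")}))
    print(authorize(site, "/projects/contracts/owner.pdf",
                    {"/projects": ("bob", "roof-deck-7")}))
```

Two details matter more than the walk itself: the path is normalised before any folder is looked up, so a `..` segment cannot step around a protected folder, and an unknown user costs the same hashing time as a wrong password, so the access file does not leak which user names exist.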
Password protection can be used to limit access to Web pages and FTP directories. You may allow partners to upload files directly to FTP directories; in this case the system must be designed so that such users are confined to particular directories and have no access to higher-level directories.
Access to the Web site is one thing; access to the server itself
is another. When you upload files to your Web site via FTP, you
will require a different password; this one should be well guarded
from unauthorized use. Since your Web site and your FTP site are
on different areas of the server (or on different servers), you
can allow partners to directly upload to the FTP site without compromising
the security of the Web site.
SSL (Secure Sockets Layer) is the protocol behind HTTPS, the secure version of HTTP. It uses encryption to hide sensitive data in transit and is the basis of e-commerce, online securities trading, and banking transactions. It enables server and client to negotiate a secure “handshake” relationship with each other, including a check of the server’s certificate, before sensitive information (such as a credit card account number) is exchanged.
Some reasonable measures should be taken even when a relatively low level of security is adequate:
- Don’t use obvious passwords, such as initials, names of children, phone numbers, or addresses. Passwords should be at least six characters long (longer is better) and mix upper- and lowercase letters with numerals.
- Passwords should be changed every thirty days.
- All password-protected transactions should be logged.
- Session IDs provide a somewhat higher degree of security than passwords alone. When a user logs in to the system, a unique identifier and time stamp, which expire after a set period of time, are automatically issued and must accompany each subsequent request. Session IDs are also useful for providing an audit trail to track site usage.
- Dynamic (one-time) passwords are generated on the fly for a particular session and used in combination with a more permanent password issued to the user.
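The session-ID and logging items in the list above, worked through as an added example that is not code from the original page. The password check itself is assumed to have succeeded before `issue` is called; what the code shows is what happens next: an unguessable session identifier is issued together with its issue and expiry times, every later request is checked against the clock, and every password-protected action is appended to an audit log. The thirty-minute lifetime and the clock values are assumed.

```python
"""Session IDs with expiry and an audit trail (added example)."""
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SESSION_LIFETIME = 30 * 60   # seconds; assumed policy value


@dataclass
class Session:
    user: str
    issued_at: int            # Unix time the session was created
    expires_at: int           # after this, the ID is refused and discarded


@dataclass
class SessionStore:
    sessions: Dict[str, Session] = field(default_factory=dict)
    audit_log: List[str] = field(default_factory=list)

    def _log(self, now: int, event: str, user: str, detail: str = "") -> None:
        # One line per protected transaction. A real deployment writes this
        # to append-only storage so an intruder cannot quietly edit it.
        self.audit_log.append(f"{now} {event} user={user} {detail}".rstrip())

    def issue(self, user: str, now: int) -> str:
        # 32 random bytes from the OS generator: the ID must be unguessable,
        # not merely unique. A time stamp alone would let anyone forge a
        # session by guessing when another user logged in.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = Session(user, now, now + SESSION_LIFETIME)
        self._log(now, "login", user, f"session={sid[:8]}...")
        return sid

    def validate(self, sid: Optional[str], now: int) -> Optional[str]:
        """Return the user behind a live session, or None (and log why)."""
        session = self.sessions.get(sid) if sid else None
        if session is None:
            self._log(now, "reject", "?", "unknown session")
            return None
        if now >= session.expires_at:
            del self.sessions[sid]            # expired: force a fresh login
            self._log(now, "expired", session.user)
            return None
        return session.user

    def protected_action(self, sid: Optional[str], now: int, action: str) -> bool:
        """Perform (here: just record) an action that requires a live session."""
        user = self.validate(sid, now)
        if user is None:
            return False
        self._log(now, "action", user, action)
        return True

    def logout(self, sid: str, now: int) -> None:
        session = self.sessions.pop(sid, None)
        if session is not None:
            self._log(now, "logout", session.user)


if __name__ == "__main__":
    store = SessionStore()
    sid = store.issue("alice", 1_000_000)
    store.protected_action(sid, 1_000_600, "upload change-order-12.pdf")
    store.validate(sid, 1_000_000 + SESSION_LIFETIME)   # expired by now
    print("\n".join(store.audit_log))
```

Passing the current time in as an argument rather than reading the clock inside the store is what makes the expiry logic testable; it also makes clear that an expired ID is deleted, not merely refused, so the same identifier can never come back to life.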
If you or your clients or partners are possible targets of terrorism or sophisticated industrial espionage, you may need a higher level of security, such as is provided by card readers or hardware tokens, client certificates, or even biometric authentication.
Firewalls
Firewalls (another term borrowed from architecture!) are systems that protect your internal network from unauthorized outsiders. The term is used loosely and can refer to both hardware and software barriers to intrusion. A managed firewall is an integrated security system consisting of hardware, software, and monitoring and management tools that actively analyze and protect your internal network from potential break-ins.
The issue arises when you build a bridge between your intranet and the larger Internet. If you are using the Internet strictly for external operations, then it may make sense to isolate it physically from your intranet by running two independent servers with no connection between them. The Internet server might be outside of the office at a Web hosting service. However, most companies that have invested in an intranet want employees, clients, and colleagues to be able to access it from outside of the office, and they also want to reach Internet resources from within the intranet. The interface between Internet and intranet is where the security problem arises. How do you let the “friendlies” in while locking out the bad guys? That’s where the firewall comes in.
One kind of firewall uses packet filters, which examine the headers of incoming packets: the IP address of the external computer attempting to reach the intranet, the internal address it is trying to reach, and the service (port) it is asking for. Generally companies will have decided what kind of external access they want to provide, and if a request comes from a computer, or asks for a service, that does not fit the profile, it is turned away. Configuring a packet filter entails deciding what kinds of access will be allowed and writing rules that enforce it. For example, a company may want to let traveling employees check their e-mail and access their project files but not view financial data. Restrictions can be written for internal Web sites, e-mail, FTP sites, and all other services. Bear in mind that a source address identifies a network, not a person: a packet filter decides which machines may talk to which services, and the individual user still has to be authenticated by the service itself.
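A packet filter in miniature, applying the example in the paragraph above: traveling employees may read their mail and reach project files, but the finance subnet stays out of reach. This is an added example, not code from the original page, and every address, host, port and interface name in it is assumed for illustration. Rules are evaluated top to bottom, the first match decides, and anything no rule allows is dropped (default deny), which is what writing rules that enforce the access profile amounts to.

```python
"""A first-match, default-deny packet filter (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    iface: str             # interface the packet arrives on: "outside", "inside", "any"
    src: str               # source network in CIDR notation
    dst: str               # destination network or /32 host
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port; None means any port
    comment: str = ""

    def matches(self, iface: str, src_ip: str, dst_ip: str,
                proto: str, dport: int) -> bool:
        return (self.iface in ("any", iface)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))


# Constructed policy. Assumed layout:
#   10.0.0.0/8      the intranet            10.0.5.10  mail server (IMAP)
#   10.0.9.0/24     finance subnet          10.0.5.20  project file server (HTTPS)
#   203.0.113.0/24  where traveling staff connect from
RULES: List[Rule] = [
    Rule("deny",  "outside", "10.0.0.0/8",     "0.0.0.0/0",    "any", None,
         "anti-spoofing: an internal source address cannot arrive from outside"),
    Rule("allow", "inside",  "10.0.0.0/8",     "10.0.0.0/8",   "any", None,
         "internal traffic"),
    Rule("deny",  "any",     "0.0.0.0/0",      "10.0.9.0/24",  "any", None,
         "financial data: never reachable except from inside"),
    Rule("allow", "outside", "203.0.113.0/24", "10.0.5.10/32", "tcp", 143,
         "traveling employees: check e-mail"),
    Rule("allow", "outside", "203.0.113.0/24", "10.0.5.20/32", "tcp", 443,
         "traveling employees: project files over HTTPS"),
]


def decide(rules: List[Rule], iface: str, src_ip: str, dst_ip: str,
           proto: str, dport: int) -> Tuple[str, str]:
    """First matching rule wins; with no match at all the packet is dropped."""
    for rule in rules:
        if rule.matches(iface, src_ip, dst_ip, proto, dport):
            return rule.action, rule.comment
    return "deny", "default deny: not in the access profile"


if __name__ == "__main__":
    for packet in [("outside", "203.0.113.7", "10.0.5.10", "tcp", 143),
                   ("outside", "203.0.113.7", "10.0.9.4", "tcp", 443),
                   ("outside", "10.0.1.1", "10.0.5.10", "tcp", 143)]:
        print(packet, "->", decide(RULES, *packet))
```

The explicit finance `deny` sits above the traveler `allow` rules so that a later, broader allow cannot accidentally open the finance subnet, and the anti-spoofing rule comes first because a packet arriving on the outside interface with an inside source address is a forgery no matter what it asks for.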
Proxy servers act as intermediaries between the intranet and those outside. These more sophisticated systems look not only at the identity of the outside computer but at the content of messages and requests. These systems provide the highest level of security but are quite expensive and can noticeably slow access from outside.
Higher levels of security depend on encryption. With public key encryption, a message is scrambled into unreadable gobbledygook that must be decoded using a digital key, essentially a very large number. Public key encryption uses pairs of keys, one public, one private; what one key encrypts, only the other can decrypt. If Company A wishes to receive encrypted messages, it would freely distribute its public key to business partners B, C, and D. When any of these companies need to send private messages to Company A, they encrypt them with Company A’s public key. These messages are now unreadable by anyone except Company A, which uses its private key to decrypt them. The longer the key (in bits), the stronger the encryption, that is, the harder it is to break. (The 40-bit and 128-bit figures that follow refer to the session keys used inside SSL, not to public keys, which are far longer.) The federal government has been wrangling with Internet companies for years over 40-bit versus 128-bit encryption. The FBI and other agencies do not want drug lords and terrorists to have access to strong encryption without a back-door key available to government watchdogs, so export controls have been placed on 128-bit encryption technology. These limits have been vociferously opposed by an alliance of civil libertarians and e-business promoters, who see security as the key to wide public acceptance of electronic commerce. At the time of this writing, it looks as if the government is backing off to some degree.
Technologies used to support Internet security include certificates, digital signatures, and Virtual Private Networks. Certificates (also known as digital IDs) vouch for the identity of the holder, much like a digital passport: they bind the holder’s public key to a name, and the binding is signed by a certificate authority. They are purchased from such a trusted authority (companies such as Verisign and Entrust). The browser or e-mail client looks for a certificate from the sender and must be configured to receive it. Different classes of certificates reflect the level of investigation that the trusted authority has made of the certificate holder.
Digital signatures are the inverse of the public key encryption system described above. Now the private key is used to sign a message (in practice, a short hash of it), and anyone holding the public key can check the signature. In this case the private key serves to authenticate the sender, rather than hide the message; the check also fails if the message is altered after signing, which is what makes signatures useful for nonrepudiation. Certificates and digital signatures enable secure e-mail; recent mail programs such as Microsoft Outlook keep track of digital IDs and perform encryption and decryption automatically.
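The two operations just described, encryption with a public key and signing with a private key, carried out with textbook RSA so the arithmetic is visible. This is an added example, not code from the original page. The primes are tiny constructed values (real keys are thousands of bits), and it omits the padding (OAEP for encryption, PSS for signatures) and the vetted library that a real system must use; it exists to show the asymmetry, not to be deployed. Company A and Company B of the text become two key pairs, and the message and bid amount are made up.

```python
"""Textbook RSA: public-key encryption and digital signatures (added example)."""
import hashlib
from math import gcd
from typing import List, Tuple

PublicKey = Tuple[int, int]    # (e, n): handed out freely
PrivateKey = Tuple[int, int]   # (d, n): kept secret by the owner


def keypair(p: int, q: int, e: int = 17) -> Tuple[PublicKey, PrivateKey]:
    """Derive a key pair from two primes; d is the inverse of e mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)
    return (e, n), (d, n)


def encrypt(pub: PublicKey, message: bytes) -> List[int]:
    """Anyone holding A's public key can encrypt for A (one byte per block).

    Without padding, equal bytes give equal blocks and the scheme is
    deterministic, which is one reason textbook RSA is never used as is.
    """
    e, n = pub
    return [pow(b, e, n) for b in message]


def decrypt(priv: PrivateKey, blocks: List[int]) -> bytes:
    """Only the matching private key undoes the encryption."""
    d, n = priv
    return bytes(pow(c, d, n) for c in blocks)


def sign(priv: PrivateKey, message: bytes) -> List[int]:
    """The inverse use: the private key transforms a hash of the message."""
    d, n = priv
    digest = hashlib.sha256(message).digest()
    return [pow(b, d, n) for b in digest]


def verify(pub: PublicKey, message: bytes, signature: List[int]) -> bool:
    """Anyone holding the public key checks that the signature undoes to the hash."""
    e, n = pub
    digest = hashlib.sha256(message).digest()
    if len(signature) != len(digest):
        return False
    recovered = [pow(s, e, n) for s in signature]
    return recovered == list(digest)


if __name__ == "__main__":
    pub_a, priv_a = keypair(61, 53)          # Company A (toy primes)
    bid = b"bid: $1,250,000"
    ciphertext = encrypt(pub_a, bid)         # B encrypts for A with A's public key
    print(decrypt(priv_a, ciphertext))       # only A can read it
    signature = sign(priv_a, bid)            # A signs with its private key
    print(verify(pub_a, bid, signature), verify(pub_a, b"bid: $1,150,000", signature))
```

The signature covers a hash of the message, so changing a single character of the bid after signing makes verification fail; that, together with the fact that only the holder of the private key could have produced the signature, is the property nonrepudiation builds on.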
A Virtual Private Network (VPN, also known as tunneling) takes
a global, rather than per-message, approach to security. It allows
you to gain the benefits of a secure extranet without forcing individual
users to fiddle around with settings and certificates. All network
traffic between the intranet gateway and partner sites (or individual
remote users) is encrypted, then sent over the public network.
Instead of requiring each user to authenticate each transaction,
all traffic
is secure, much as if you were using your own private lines. VPNs
are typically proprietary solutions, meaning you must have compatible
hardware at both ends, which may be a problem for VPNs set up on
the fly to support a particular project, or even for a permanent
extranet that must accommodate a variety of client systems and
a changing cast of players.
Figure: WebTrends analyzes your server logs and provides a wealth of information about visitors to your Web site.
Tracking Your Site
You may be interested in tracking usage of your Web site. If you are running your own server, your Web server application can generate a log file for your site. Most ISPs offering Web hosting will let you download the file from their server. You can then use a log analysis utility, which will allow you to sift through the information and determine who is visiting your site, when and for how long, which pages were visited, and so on. Done on a large scale, such analysis is called data mining.
Be wary of inflated claims of site usage from Internet promoters who boast of a million hits per month on their sites. Hits is a measure of the number of file accesses to a Web site. If the home page has ten small graphics, one visit to that page will generate eleven hits, because eleven different files were accessed, assuming that the visitor didn’t leave impatiently before loading all the images. If a large number of small buttons are used for navigation instead of one large imagemap, for example, the number of hits will be much larger, without revealing anything useful about how intensively the site is being used. The number of visitors is a more meaningful figure, but even that does not reveal much about how deep into a site those visitors went. Did they all look at the first screen and leave?
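The hits-versus-visitors distinction above, computed from server-log lines. This is an added example, not code from the original page or from WebTrends. The log lines are constructed here in the Common Log Format that most Web servers write (assumed to be the format your host hands you), and the hosts, paths and time stamp are made up; a home-page visit with ten small graphics shows up as eleven hits, exactly as the text warns, while counting page views and distinct hosts tells a different story.

```python
"""Hits, visitors and page views from Common Log Format lines (added example)."""
import re
from collections import Counter
from typing import Dict, List, Optional

# host ident user [time] "request" status size
LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>\S+)" (?P<status>\d{3}) (?P<size>\S+)$'
)
IMAGE_EXT = (".gif", ".jpg", ".jpeg", ".png", ".ico")


def parse(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one log line, or None if it is not well formed.

    The path comes straight from the client, so it is matched strictly and
    never interpreted; a line that does not fit the format is counted as
    malformed rather than guessed at.
    """
    match = LOG_LINE.match(line)
    return match.groupdict() if match else None


def summarize(lines: List[str]) -> Dict[str, object]:
    hits = 0
    visitors = set()            # distinct client addresses (see note below)
    pages: Counter = Counter()  # successful requests for non-image files
    malformed = 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            malformed += 1
            continue
        hits += 1                                   # every file access is a hit
        visitors.add(rec["host"])
        if rec["status"] == "200" and not rec["path"].lower().endswith(IMAGE_EXT):
            pages[rec["path"]] += 1
    return {"hits": hits, "visitors": len(visitors),
            "page_views": sum(pages.values()), "by_page": dict(pages),
            "malformed": malformed}


def sample_log() -> List[str]:
    """Constructed log: two visitors load the home page (one graphic-heavy
    page = eleven hits each), one of them goes deeper, a third gets a 404,
    and one line is garbage."""
    def line(host: str, path: str, status: str = "200", size: str = "512") -> str:
        return f'{host} - - [10/Mar/1999:09:15:02 -0500] "GET {path} HTTP/1.0" {status} {size}'
    graphics = [f"/img/btn{i}.gif" for i in range(10)]
    lines = [line("192.0.2.10", "/")] + [line("192.0.2.10", g) for g in graphics]
    lines += [line("198.51.100.5", "/")] + [line("198.51.100.5", g) for g in graphics]
    lines.append(line("198.51.100.5", "/projects/"))
    lines.append(line("203.0.113.9", "/old.html", "404", "-"))
    lines.append('garbage line "GET /x HTTP/1.0" not a log record')
    return lines


if __name__ == "__main__":
    print(summarize(sample_log()))
```

Twenty-four hits here correspond to three visitors and three page views. Note that the visitor count is by client address: several people behind one office proxy count as one, and a single dial-up user whose address changes counts as several, so even this figure is an estimate.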