| Lesson 2 || The importance of security |
| Objective || Explain the need for security. |
Security, a major concern
Widespread reports of hackers breaking into everything from bank systems to e-commerce data systems and gaining unauthorized access to
critical data might discourage someone from connecting to the Internet.
In general, Web security is necessary to:
- Screen out users who are not who they claim to be (access control)
- Prevent proprietary data from being viewed, read, or copied by unauthorized persons (data confidentiality)
- Prevent data from being corrupted by accident, by malicious intent, or by a disruption such as a power failure (data integrity)
- Ensure that financial transactions are not intercepted
- Provide access to authorized individuals only
Client-side security threats
- Client-side security is aimed at protecting the end-user system. This is the end-user's personal computer system-their means of requesting resources from the Internet. Threats to client security include:
- Compromising privacy; for example, by theft of personal financial data
- Compromising end-user system integrity; for example, by introducing a virus into a system
- Using a system to compromise other nodes of a network into which the client is linked
Server-side security threats
A server provides services to multiple clients inside and possibly outside a network. Server-side security is directed toward protecting the components and data of the server from internal and external threats to the server's integrity.
For example, in what is called a denial of service (DoS) attack, an intruder targets a site to become so inundated with traffic (or hits) that it overloads the server's capacity and consequently shuts down the site and the server.
Imagine if you repeatedly called your pizza delivery shop, then hung up, just to prevent anyone else from getting through. You'll see other examples of server-side security threats in the MouseOver below.
Client-server connection security threats
Anything affecting the network connection between the client and server is a concern for both. Data traveling along the connection may cross several locations before it reaches its final destination. Consequences of breached security along this path include:
- Eavesdropping on the network
- Internet fraud; for example, IP address spoofing, DNS spoofing (Spoofing means impersonating)
The MouseOver below depicts the security threats to the client, server, and client-server connection.