Sunday 27 July 2014

How to overcome these risks?

As mentioned in the previous post, there are a lot of potential risks to a website, so a website creator has to consider how to protect against all of these eventualities. Below are some of the measures that can be taken to protect a website.

Firewalls
Firewalls can be either hardware or software and are put in place to stop unauthorised access to private networks; they are especially used to protect intranets, which have restricted access anyway. A firewall examines all incoming and outgoing communications and decides whether to allow each one through or not. This decision is made against a set of criteria created by the user; an example of such a criterion would be the user instructing the firewall to block communications from a certain IP address. Firewalls can be purchased from companies such as McAfee and AVG.
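As an added illustration of how user-written criteria like the one above are applied (this is example code, not part of the original post), the evaluator below walks an ordered rule list, lets the first matching rule decide, and blocks anything no rule covers. The addresses, ports and rules are constructed for the example.

```python
import ipaddress


class Rule:
    """One filtering criterion. A None port matches any port."""

    def __init__(self, action, direction="any", network="0.0.0.0/0", port=None):
        self.action = action        # "allow" or "block"
        self.direction = direction  # "in", "out" or "any"
        self.network = ipaddress.ip_network(network, strict=False)
        self.port = port            # destination port, or None for any

    def matches(self, direction, remote_ip, port):
        if self.direction not in ("any", direction):
            return False
        # An address of the other IP version is never "in" this network.
        if ipaddress.ip_address(remote_ip) not in self.network:
            return False
        return self.port is None or self.port == port


def decide(rules, direction, remote_ip, port):
    """First matching rule wins. With no match the traffic is blocked
    (default deny), so anything the owner forgot to list stays out."""
    for rule in rules:
        if rule.matches(direction, remote_ip, port):
            return rule.action
    return "block"


# Constructed ruleset: block one hostile address outright, let anyone reach
# the public web ports, let only the intranet reach the database port, and
# rely on default deny for everything else (including all IPv6 traffic,
# since no rule here names an IPv6 network).
RULES = [
    Rule("block", network="203.0.113.7/32"),
    Rule("allow", direction="in", port=80),
    Rule("allow", direction="in", port=443),
    Rule("allow", direction="in", network="10.0.0.0/8", port=3306),
]

if __name__ == "__main__":
    for pkt in [("in", "203.0.113.7", 443), ("in", "198.51.100.20", 443),
                ("in", "198.51.100.20", 3306), ("in", "10.2.3.4", 3306)]:
        print(pkt, "->", decide(RULES, *pkt))
```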

Secure Sockets Layer (SSL)
SSL is a protocol that helps ensure that messages sent to and from a website are sent securely. The most secure areas of sites are often protected by SSL, for example the pages you see after logging in to a site. SSL encrypts the messages being sent, so anyone trying to view data not intended for them for malicious reasons cannot read it; only the user's computer and the server can recognise the data. Another example of SSL is online shopping, which without SSL would be too insecure to work: SSL encrypts your personal details such as name, address and bank details so only you and the vendor can see them. An easy way to know if the page you are visiting is secure is to look at the start of the web address; if it says HTTPS the connection to the website is secured with SSL.

Digital Certificate
Digital certificates are attached to electronic messages to aid security. The most common use of a digital certificate is to verify that the sender of a message is who they claim to be. The recipient then has the chance to send an encoded reply. In order to obtain a digital certificate you have to apply to a CA (Certificate Authority) with ID details. The applicant is then issued with their own key and the CA's public key. The recipient of the message uses the CA's public key to decode the message.

Passwords
In order to stop unauthorised access to a website a person can set up passwords or word catchers; these can be put on the computer itself and on the content of the website, for example databases. When setting up a password you should ensure that it is not too obvious, i.e. not something obviously related to you. Safer passwords contain a mix of lower case letters, capital letters and numbers. Word catchers are useful as they prevent automated programs not controlled by humans from gaining access to your website and spamming it.

Legal Considerations
When dealing with website security there are a series of legal obligations and considerations that a website creator has to implement.

Data Protection Act (1998) - The Data Protection Act was created when computers started to become available to everyone and were being used to store personal data. The main aim of the act is to stop the misuse of personal information held by a company, because serious crimes such as identity theft could be committed with stolen information. The act has 8 important principles that have to be adhered to when handling personal data:

  1. It has to be fairly and lawfully obtained
  2. It can't be used for any other reason than the one specified to the client
  3. Only information that is relevant to the purpose is allowed to be stored
  4. The information can't be held for any longer than necessary and has to be kept up to date
  5. It has to be correct and not more detailed than it needs to be
  6. It has to be processed in accordance with the rights of the person it concerns
  7. The information has to be kept securely
  8. It can't be transferred out of the European Economic Area without a suitable level of data protection

In order to stick to this act an organisation will have to ensure that access to data is restricted so only people who need to can view it, and that when it is viewed it isn't taken out of the system. They could do this by creating an intranet/remote network, which allows users to access the information they need from anywhere without taking it out of the system, where it could be lost or stolen. Along with that, an organisation will have to regularly check its information and procedures to ensure it isn't breaching the act.
  
Computer Misuse Act (1990) - This act came into effect in 1990 and was created to stop increasing levels of criminal activity relating to computers, mainly hacking. A large amount of data was being accessed by people who had no right to access it. For this reason the Computer Misuse Act covers:

  1. Unauthorised access to computer material
  2. Unauthorised access with intent to commit a criminal offence
  3. Unauthorised acts with intent to impair the use of the computer

To effectively implement this act companies may have to employ extra staff within the IT department, or they will have to train their current staff on what is and isn't permitted under the terms of this act. These staff would also be in charge of monitoring the system to ensure no one is breaching the act to steal material. Alongside this they will have to put in place policies and security mechanisms to stop anyone being able to remove information from the system without authorisation.

Privacy and Electronic Communications Regulations (2003) - These regulations were passed in 2003 because obtaining information about people online was happening in an unregulated way, and in ways that were hidden from the consumers themselves. Regulations regarding the following practices were drawn up:

  1. Spam
  2. Cookies
  3. Location and Traffic Data
  4. Publicly available directories

These regulations have caused companies to check that they are only sourcing information from valid and trusted sources, which helps them because they may be questioned to see if they really are following the regulations. Companies now have to make it obvious to consumers that they will be advertising to them, especially through the use of cookies: in an advertising sense, cookies track what a user visits and use this information to suggest adverts on other websites that the user may be interested in. Companies are now obligated to inform the user if their website uses cookies.


1 comment:

  1. Some good detail here, and good demonstration of research. Well done.