Monday 28 July 2014

Security risks to a website

If you have created or run your own website, it is important to be aware of the risks that threaten its security. These attacks are often carried out by people trying to gain access to your website for malicious reasons. The potential risks are described below.

Hacking
Hacking is the illegal process of gaining access to a website or a network without authorisation through malicious attacks. To gain access to the network, the hacker will most likely have to bypass the network's security systems, such as firewalls. Once inside the network, the hacker will have the same privileges as an administrator and will use this power to try to accomplish goals outside those of the creator. Hackers can have a variety of goals, e.g. to shut down a webpage completely or to post their own content on the page. Hackers are often computer experts and can therefore be rewarded with jobs testing the security of websites and networks within an organisation. High-profile examples of hacking can be seen in the case studies.

Pagejacking
Pagejacking is the practice of copying content and HTML source code from a legitimate website to a cloned version. This means that the web browser will display to the user a cloned page which they believe is the real one. This can be used to display content that is either illegal or contradictory to the actual website. Presumably the user will quite quickly realise the page is cloned and will try to close it. For this reason, 'jacked pages' often contain mousetraps, which stop the user from leaving the page by opening a new URL every time the user attempts to close it.

Viruses
Viruses often make their way into systems by appearing to be legitimate programs, but instead they contain hidden destructive code that can infect a computer. In the world today there are hundreds of computer viruses, and each performs different functions for its creator, meaning a virus can pose many threats to a website. Some include:
  • Corrupting or deleting data on the hard drive
  • Important/confidential details can be stolen
  • Harming relationships between partners by displaying malicious content or forwarding them a virus 
  • Using your computer to carry out further attacks 

Phishing
Phishing is an online scam most commonly carried out by email. An email is sent out on a mass scale to a wide range of recipients, claiming to be from a legitimate enterprise, usually a bank. The email will then take you to a website mimicking the legitimate organisation the email claims to be from. From here the user will be asked to enter personal/bank details. If confirmed, the user's details will be stolen and possibly used for identity theft.

Identity Theft
Identity theft links in with some of the potential risks above and is often a result of them, especially phishing and hacking. Some websites have a responsibility to store private and sensitive data about their customers (as set out by the Data Protection Act 1998). If their secure systems get hacked, this information could be stolen and used for identity theft or to steal from the customers. A recent example of this is when PlayStation got hacked and credit card details and other details such as addresses were stolen. Feasibly, many customers could have had their identity stolen. It is solely the responsibility of the website's creator/moderator to make sure these details are secure.