Thursday, April 05, 2007

Hacking as an inside job

"Leaving your Web applications insecure makes no more sense than building a brick wall but using a gate made from chain link fencing." – James Gaskin
Whenever the President of the United States travels anywhere there are numerous individuals charged with making sure the President is secure and unharmed from attack. This is the premise behind Internet security. The work you have done on your site is the product of valuable time and energy. For some business owners the website represents significant research and creative energy. It is possible for a vulnerable website to be hijacked and remade in the image of something that only resembles your website in name only or to have safeguarded data copied for the use of a third party.

One of the biggest mistakes a website owner can make is allowing the work to be left unguarded. As reported in recent years hacking of a computer system can occur both from within a company or from a remote location, which makes the use of Internet security so important.
“Advances in firewall technology (making them easier to install and configure), improvements in vulnerability scanning and better explanations of how to repair them, and better intrusion-detection with fewer false-positives are all key technologies in this race.” – Dr. Charles C. Palmer
Some hackers argue they are not involved in felonious activities, but are simply seeking knowledge and using the internet to find answers, however the U.S. Government views the activity as a felony and punishable by applicable state and federal laws.

It should be noted that the term hacker has been adjusted. No longer is the term ‘hacker’ only used to describe someone gifted at programming and is able to break a website code to gain access to information. Today a hacker is also someone who misappropriates company data. Typically this scenario occurs from an inside and often trusted source.
“System administrators must learn about and maintain their systems securely. Users have to understand their security responsibilities.” – Dr. Charles C. Palmer
In many cases, business are now making a non-disclosure agreement a part of the hiring procedure to provide an extra legal recourse in the event that data is electronically removed and used in ways unauthorized by company heads.
“If a stranger came into your house, looked through everything, touched several items, and left (after building a small, out of the way door to be sure he could easily enter again), would you consider that harmless?” – Dr. Charles C. Palmer
Taking security issues seriously is needed in the development of a web-based business infrastructure. It may be worth exploring both on-site and off-site security features as a means of ensuring the long-term usability of your website.

No comments: