Risk of Insecure System
Risks of insecure systems
There are basically three overlapping types of risk that we need to worry about on systems connected to the Internet:
Bugs or misconfiguration problems in the Web server that allow unauthorized remote users to:
Steal confidential documents not intended for their eyes.
Execute commands on the server host machine, allowing them to modify the system.
Gain information about the Web server's host machine that will allow them to break into the system.
Launch denial-of-service attacks, rendering the machine temporarily unusable.
Browser-side risks, including:
Active content that crashes the browser, damages the user's system, breaches the user's privacy, or merely creates an annoyance.
The misuse of personal information knowingly or unknowingly provided by the end-user.
e.g. Identity theft or Session hijacking
Interception of network data sent between browser and server via eavesdropping. Eavesdroppers operate from any point on the path between browser and server:
The network on the browser's side of the connection.
The network on the server's side of the connection (including intranets).
The client or server's Internet service provider (ISP).
Either ISPs' regional access provider.
Some of these risks every user of the internet needs to be aware of (e.g. browser side risks and the fact that traffic can be intercepted in transit to and from the server) and others are the sole responsibility of the internet provider.
As a small business owner you need to be aware of these risks and take steps to insure that your website is not vulnerable to them - or promoting them. To do this you wail want to make sure you are using a reputable hosting provider that will monitor your site for denial of service attacks and other server side problems. You will want to make sure you use SSL to encrypt all sensitive data transmission between yourself and your users. You will want to make sure any software you use on your site
There are basically three overlapping types of risk that we need to worry about on systems connected to the Internet:
Bugs or misconfiguration problems in the Web server that allow unauthorized remote users to:
Steal confidential documents not intended for their eyes.
Execute commands on the server host machine, allowing them to modify the system.
Gain information about the Web server's host machine that will allow them to break into the system.
Launch denial-of-service attacks, rendering the machine temporarily unusable.
Browser-side risks, including:
Active content that crashes the browser, damages the user's system, breaches the user's privacy, or merely creates an annoyance.
The misuse of personal information knowingly or unknowingly provided by the end-user.
e.g. Identity theft or Session hijacking
Interception of network data sent between browser and server via eavesdropping. Eavesdroppers operate from any point on the path between browser and server:
The network on the browser's side of the connection.
The network on the server's side of the connection (including intranets).
The client or server's Internet service provider (ISP).
Either ISPs' regional access provider.
Some of these risks every user of the internet needs to be aware of (e.g. browser side risks and the fact that traffic can be intercepted in transit to and from the server) and others are the sole responsibility of the internet provider.
As a small business owner you need to be aware of these risks and take steps to insure that your website is not vulnerable to them - or promoting them. To do this you wail want to make sure you are using a reputable hosting provider that will monitor your site for denial of service attacks and other server side problems. You will want to make sure you use SSL to encrypt all sensitive data transmission between yourself and your users. You will want to make sure any software you use on your site