Web Site Security Wilmington DE

Security is an important element of any web business. When you are examining your security, one of the first things you should ask yourself is: What are you protecting? What is your "crown jewel”? Read on for tips.

Econerd Computer Repair
(302) 374-0856
229 Romeo Dr
New Castle, DE
Hours
M-Th 5:00pm - 9:00pm, F-Su 9:00am - 9:00pm

Data Provided by:
First State Computer Services
(302) 288-0993
Call for appt or drop off
Claymont, DE
Hours
M-F 8:00am - 5:00pm, Sa 9:00am - 5:00pm

Data Provided by:
Technology Matrix
(302) 444-6860
625 Dawson Dr
Newark, DE
Prices and/or Promotions
Yext Offer
Hours
M-F 9:00am - 5:00pm

Data Provided by:
Blue Hen PC
(302) 883-8056
1214 Voshells Mill Rd
Dover, DE
Hours
M-F 8:00am - 5:00pm

Data Provided by:
Flexitechs
(302) 380-4157
PO Box 874
Ocean View, DE
Prices and/or Promotions
Yext Offer
Hours
M-F 8:00am - 6:00pm

Data Provided by:
PC Nerd Now
(302) 635-1423
829 N Waterford Ln
Wilmington, DE
Hours
M-F 9:00am - 9:00pm, Sa-Su 12:00am - 12:00am

Data Provided by:
Teamlogic IT
(302) 444-6165
311 Ruthar Dr
Newark, DE
Hours
M-F 9:00am - 5:00pm

Data Provided by:
Biz Tech Helpers
(484) 751-9991
103 S Newtown Street Rd
Newtown Square, PA
Prices and/or Promotions
Yext Offer
Hours
M-F 9:00am - 9:00pm, Sa 9:00am - 1:00pm

Data Provided by:
First State Computer Services
(302) 288-0993
Call for appt or drop off
Claymont, DE
Hours
M-F 8:00am - 5:00pm, Sa 9:00am - 5:00pm

Data Provided by:
Technology Matrix
(302) 444-6860
625 Dawson Dr
Newark, DE
Prices and/or Promotions
Yext Offer
Hours
M-F 9:00am - 5:00pm

Data Provided by:
Data Provided by:

Basic Principles in Web Site Security

Provided By: 

Protecting Your Online Business Presence
By Christopher Grello

Security is an important element of any web business. When you are examining your security, one of the first things you should ask yourself is: What are you protecting? What is your "crown jewel”?

A second question to consider is: Who are you protecting your environment from? Competitors? Rogue hackers? Script kiddies? Employees? Running through the steps of risk management is critical. Just as you do not want to protect the wrong thing(s), you don't to exhaust resources protecting against things that aren't as likely to happen.

For example, as a business, do you really need to invest in protection against a nuclear attack? Probably not if your company specializes in selling cookies over the internet. As an e-commerce web site, you DO need to consider how you will handle credit card information.

Elements of Good Security
Defense-in-depth: Sometimes referred to as layered security, this aims to employ several varied security measures rather than just one "super" layer. For example, consider the all-in-one security appliance that promises to "protect you from hackers in 3 easy clicks!" Sounds really exciting, but such promises often fall very short in practice. A single layer is really a single point of failure. It's similar to having a firewall without any other security measures in place. In a layered security approach, an environment might have the following elements in place (to name a few):

• Firewall
• Certain protocols restricted to VPN only
• IDS (NIDS and/or HIDS)
• Passwords required to access restricted resources
• Strong passwords enforced
• Periodic security scans from outside perimeter
• Multiple login failure lockout
• Penetration testing
• Periodic code validation

While the above list seems very long and complex, it usually isn't in practice. One of the things that helps an environment such as the above work efficiently is education of the persons using it. When users have an understanding, at least in part, of security and why certain elements are in place, they will themselves become agents that assist in auditing and maintaining the environment.

Principal of least privilege: To explain this concept in simple terms, if someone or something doesn't NEED access to a resource, they don't get it. A user might only need access to a single directory. Giving them administrative privileges to ALL directories would be a mistake. Even if you trust them and know without a doubt that they will not go into any other directory, it's a bad idea. What if someone obtains their login and goes into those other directories?

C-I-A: C-I-A is a concept of ensuring confidentiality, integrity, and availability of data/resources within an organization. Let's take a closer look:
Confidentiality: The idea is to ensure that only those who are permitted to access a given resource can do so. Further, it is typical for the manner in ...

Click here to read more from Home Business Magazine

© Copyright 2013 Home Business Magazine. All Rights Reserved. Privacy Policy | Terms and Conditions
Infoswell Media