Skip to main content

I am a cybersecurity specialist from Dayton, Ohio. I have been providing professional cybersecurity advice for over 6 years. My area of expertise is a proactive approach to malware protection and online privacy. I love my work, as well as classical literature, hiking and husky.

 

What is web security?

3 min read

Security of the web at the present moment is a great concern. When talking about security, the key topics are information and accessibility. If any entity is to mischeviously obtain private information or gains access to a private computer or corporate network/intranet, the results in either case could be devastating.

 A lot of companies and organizations on the web have critical information. Some may obtain it due to commerce activity, others may be in the business of data collection and research while some may purchase data for marketing purposes etc. No matter what the source of this information is, it must be protected from falling into the wrong hands.

Imagine finding out one day that your Platinum card that was empty last month has been maxed out. Or the brand new exotic car in your driveway was stolen. You start to wonder how did they get the information, --- probably by hacking into or intercepting the information enroute to a web server. Both of these examples show why security on the web is such an issue.

Identity Theft is a real issue with real consequences. Many have become victims and many still remain vulnerable. But there are measures and precautions that you can take to make sure that you don't fall into the trap.

One effective precaution that you can take is not to click on any links recieved in emails, especially to pages which require you to login. Rather, open those links yourself by typing in the url in a new browser window manually. This will prevent you from falling into the 'disguised link' trap where a spoofer sends you a phony email pretending to be from your financial institution with a link to a fabricated login page. As soon as you submit your login information, it is captured by the spoofer and now he can login with your username and password.

We also recommend that you use desktop VPN software or browser extension VeePN for google chrome. VPN encrypts all information transmitted through an Internet connection, which means that it makes your sensitive data inaccessible to attackers.

 

Web vulnerable to breaches

Securing the web means to secure every possible channel of data travel between the host and the client which are:

  • The Web Server
  • Data enroute to and from Web Server
  • Client computer

We can see that this task is complex and why the web is vulnerable to security breaches.

Web servers are the face of an organization to the public. A successful attack on a web server may be seen by hundreds of thousands of people, creating a bad public image for that organization. In 1996, the official website of the CIA was hacked into merely as an act of vandalism. The title was changed from “Central Intelligence Agency” to “Central Stupidity Agency”. There was also a case where the internal network of AT&T was infected with a virus deleting critical information.

Data enroute to and from a web server may also be intercepted by a third party. Hackers may also set up programs to bombard the Web Server with thousands of requests per second making it hard to handle valid requests.

HTML alone does not pose a direct security threat but it also limits the possibilities for an interactive web based experience. That’s why companies use technologies such as ActiveX, Java, Javascript and plug-ins etc. These technologies definitely make the web pages look more alive, but at the cost of security.