Safeguard Network  «Prev  Next»
Lesson 2 The importance of security
Objective Explain the need for security.

Major Concern of Security

Widespread reports of hackers breaking into everything from bank systems to e-commerce data systems and gaining unauthorized access to critical data might discourage someone from connecting to the Internet.
In general, Web security is necessary to:
  1. Screen out users who are not who they claim to be (access control)
  2. Prevent proprietary data from being viewed, read, or copied by unauthorized persons (data confidentiality)
  3. Prevent data from being corrupted by accident, by malicious intent, or by a disruption such as a power failure (data integrity)
  4. Ensure that financial transactions are not intercepted
  5. Provide access to authorized individuals only

Client-side security threats

  1. Client-side security is aimed at protecting the end-user system. This is the end-user's personal computer system-their means of requesting resources from the Internet. Threats to client security include:
  2. Compromising privacy; for example, by theft of personal financial data
  3. Compromising end-user system integrity; for example, by introducing a virus into a system
  4. Using a system to compromise other nodes of a network into which the client is linked

Server-side security threats

A server provides services to multiple clients inside and possibly outside a network. Server-side security is directed toward protecting the components and data of the server from internal and external threats to the server's integrity. For example, in what is called a denial of service (DoS) attack, an intruder targets a site to become so inundated with traffic (or hits) that it overloads the server's capacity and consequently shuts down the site and the server. Imagine if you repeatedly called your pizza delivery shop, then hung up, just to prevent anyone else from getting through. You'll see other examples of server-side security threats in the MouseOver below.

Client-server connection security threats

Anything affecting the network connection between the client and server is a concern for both. Data traveling along the connection may cross several locations before it reaches its final destination. Consequences of breached security along this path include:
  1. Eavesdropping on the network
  2. Internet fraud; for example, IP address spoofing, DNS spoofing (Spoofing means impersonating)

The MouseOver below depicts the security threats to the client, server, and client-server connection.
Network Security Threats
  1. Security threats on a client system target active content and privacy infringement. In other words, your personal computer system becomes the object of attack.
  2. Security threats on a server system include server/LAN break-ins, and Denail-of-service attacks.
  3. Threats to both client and server via the connection between them include eavesdropping and internet fraud.

Network Security Threats
In the next lesson, you will learn the characteristics of a good security plan.