Commentary: Security–a real issue
By Mike Lotz
SecurityA real issue
By Mike Lotz
Web site security is a big issue; while most people dont think theres anything to worry about, they are wrong. There are security risks that affect web servers, firewall systems and even your companys local area network (LAN).
The moment you install a web server at your site, youve opened a window into your network that the entire Internet can peer through. Most people will never know the window is open, but there will be a few who will crawl in and look around. The results can be minimal: for example, defacing your web site to the damaging, for example, theft of your entire customer database.
The general goal of network security is to keep strangers out. Yet the point of a web site is to provide the world with controlled access to your network. Drawing the line can be difficult. A poorly configured web server can a hole in the most carefully designed firewall, and a poorly configured firewall can make a web site impossible to use.
Take, for example, a well-known hole in Microsofts web server software lets vandals easily access parts of web sites belonging to big names such as The New York Times, Intel and Compaq Computer.
This bug in the server software allows vandals into your network to look around and change or take anything they want. Most hackers will tell you that they wont do any damage, but some of them will, and you dont want it to be your companys web site. There are also parts of your network that can be vulnerable, like firewalls, e-mail servers, VPNs and routers, to name a few.
There is a new breed of companies being started to take care of security issues. Companies like SecureWerks.com offer security audits that allow an understanding of the threats that your organization is exposed to, both external and internal.
I know that the web sites my companies have created are on very secure servers, and my customers can sleep well at night. Is your web site and/or network secure, or are your windows open for anyone to crawl in? If I were you, I would want to be sure, and call and contact an expert for a security audit throughout.
If you have any questions or comments, please e-mail me at firstname.lastname@example.org.