ACADEMIC COMPUTING and COMMUNICATIONS CENTER
Keeping Secure on the Web

If You're an "End User"

If you're an "end user," someone who uses the Web for fun,
for learning, and maybe even for a little business, you have two sets of
worries: what the programs you download and run might do to your browser
or even your system (yes, you can get a virus from the Web), and the misuse
of personal or confidential information you knowingly or unknowingly send
over the Web.

Being prudent with the programs you download from the 'Net yourself is pretty easy: always run a virus checker on them before you run them. There's no excuse if you don't have one; you can get Dr. Solomon's antivirus at no cost under a UIC site license. For more information, see: http://www.uic.edu/depts/accc/software/antivirus/

You also have to worry about programs your browser downloads and runs for you on your machine, perhaps without asking or telling you. This "active content" includes pages with JavaScript or programs in Java or ActiveX. There's a bit about active content in Active Content on the Web.

The misuse of personal information is perhaps a more important problem in the long run for you as a Web user. Whether you know it or not, you probably have already sent private or sensitive information over the 'Net, and no doubt you'll do it again. There are three ways "the bad guys" might get to this information. They might intercept it as it travels over the Internet to its destination (that's called eavesdropping), or they might be its destination, because they're not really who they say they are (that's called spoofing), or they might steal your information after it gets to its destination, because the Web or network administrators on the other side aren't doing their job properly.

Secure Sockets Layer, SSL, is an answer to both eavesdropping and spoofing; see Security in Transmission: SSL. There's not much you can do about Web or network administrators not doing their jobs, except for being careful who you deal with.

How can you be sending information out on the Web that you don't know about? See Cookies on the Web and Active Content on the Web.

If You're a Web Page Owner or Web Site Manager

If you're a Web page owner or Web site manager,
your primary concerns will probably be about your Web files. You must be
careful about the permissions you set on them and about who you trust to
change them. While most Web pages are intended for public viewing, you
might want access to certain files to be restricted to a specific audience.
(That can be done, and you'll have a choice of levels of restrictions:
to anyone at UIC, anyone at the University of Illinois, or to a specific
list of people, complete with password protection. You can also encrypt
files for transfer, which protects them from interception while they're
in transit. All of these options are introduced in
Security
for Web Files and Data.)

You'll also have to worry about something you might not have considered before -- copyright issues. See Copyright and Fair Use for an introduction to the type of questions you should ask when you consider using other people's work in your Web site.

Finally, as a Web page owner, you should spend some time thinking about your Web site from the Web administrator's point of view. It'll help you understand their policies and it's fair, too -- Web server administrators spend a lot of time addressing Web page owners' concerns.

If your Web pages are on an ADN Web server (www.uic.edu or www2.uic.edu), the ADN Network Services Group (introduced in the Jan/Feb/March issue of the ADN Connection) and the ADN Operating Systems Support Group (introduced in this issue) are your Web server administrators. We're also responsible for the UIC secure Bluestem server, ness.uic.edu.

We take our job as protector of these Web servers very seriously. I can't say we'll never make any mistakes, but I can say we will always do the best we can, erring on the side of caution when we must. That's why we don't allow arbitrary CGI scripts to be run on these servers.

If you're responsible for administering a Web server or for a network or machine on which a Web server runs, your primary Web security worry will be technical. Bugs in the server's software and errors in how it's been set up can lead to problems such as unauthorized access to confidential files and accidental or malicious access to the machine or network. Bad things can, and probably will, happen -- Web servers are big, complicated pieces of software that use a lot of machine resources.

Want to learn more?

See the World Wide Web Consortium's (W3C)
"The World Wide Web Security FAQ" at http://www.w3.org/Security/Faq/
It's amazingly complete.

Illustration (c) SoftKey International Inc. and its licensors.

The ADN Connection, April/May/June 1998
1999-9-8 connect@uic.edu