 
The ADN Connection, April/May/June 1998 The A3C Connection

Keeping Secure on the Web

 
When it comes to being secure on the World Wide Web, the question isn't "Do I need to worry?" I'm sorry, you do. "Well, then, what do I need to worry about?" Your answer to this question depends on how you use the Web.
 
     
 
     
If You're an "End User"
  If you're an "end user," someone who uses the Web for fun, for learning, and maybe even for a little business, you have two sets of worries: what the programs you download and run might do to your browser or even your system (yes, you can get a virus from the Web), and the misuse of personal or confidential information you knowingly or unknowingly send over the Web.

Being prudent with the programs you download from the 'Net yourself is pretty easy; always run a virus checker on them before you run them. There's no excuse if you don't have one; you can get Dr. Solomon's antivirus at no cost under a UIC site license. For more information, see: http://www.uic.edu/depts/accc/software/antivirus/

You also have to worry about programs your browser downloads and runs for you on your machine, perhaps without asking or telling you. This "active content" includes pages with JavaScript or programs in Java or ActiveX. There's a bit about active content in Active Content on the Web.


The misuse of personal information is perhaps a more important problem in the long run for you as a Web user. Whether you know it or not, you probably have already sent private or sensitive information over the 'Net, and no doubt you'll do it again. There are three ways "the bad guys" might get to this information. They might intercept it as it travels over the Internet to its destination (that's called eavesdropping), or they might be its destination, because they're not really who they say they are (that's called spoofing), or they might steal your information after it gets to its destination, because the Web or network administrators on the other side aren't doing their job properly.

Secure Sockets Layer, SSL, is an answer to both eavesdropping and spoofing; see Security in Transmission: SSL. There's not much you can do about Web or network administrators not doing their jobs, except for being careful who you deal with. How can you be sending information out on the Web that you don't know about? See Cookies on the Web and Active Content on the Web.


 
     
If You're a Web Page Owner or Web Site Manager
  If you're a Web page owner or Web site manager, your primary concerns will probably be about your Web files. You must be careful about the permissions you set on them and about who you trust to change them. While most Web pages are intended for public viewing, you might want access to certain files to be restricted to a specific audience. (That can be done, and you'll have a choice of levels of restrictions: to anyone at UIC, anyone at the University of Illinois, or to a specific list of people, complete with password protection. You can also encrypt files for transfer, which protects them from interception while they're in transit. All of these options are introduced in Security for Web Files and Data.)

You'll also have to worry about something you might not have considered before -- copyright issues. See Copyright and Fair Use for an introduction to the type of questions you should ask when you consider using other people's work in your Web site.

Finally, as a Web page owner, you should spend some time thinking about your Web site from the Web administrator's point of view. It'll help you understand their policies and it's fair, too -- Web server administrators spend a lot of time addressing Web page owners' concerns.


If your Web pages are on an ADN Web server (www.uic.edu or www2.uic.edu), the ADN Network Services Group (introduced in the Jan/Feb/March issue of the ADN Connection) and the ADN Operating Systems Support Group (introduced in this issue) are your Web server administrators. We're also responsible for the UIC secure Bluestem server, ness.uic.edu. We take our job as protector of these Web servers very seriously. I can't say we'll never make any mistakes, but I can say we will always do the best we can, erring on the side of caution when we must. That's why we don't allow arbitrary CGI scripts to be run on these servers.


If you're responsible for administering a Web server or for a network or machine on which a Web server runs, your primary Web security worry will be technical. Bugs in the server's software and errors in how it's been set up can lead to problems such as unauthorized access to confidential files and accidental or malicious access to the machine or network. Bad things can, and probably will, happen -- Web servers are big, complicated pieces of software that use a lot of machine resources.


 
     
Want to learn more?
  See the World Wide Web Consortium's (W3C) "The World Wide Web Security FAQ" at http://www.w3.org/Security/Faq/
It's amazingly complete.
 
Illustration (c) SoftKey International Inc. and its licensors.
 


1999-9-8  connect@uic.edu