Topic 11 - Current Issues
Copyrights
- Copyright laws forbid copying the protected work of someone else and selling it for profit; they don't extend to copying an idea here and there.
- You can copy ideas from other web pages - but beware: while copyright laws let you copy ideas here and there, they expressly forbid you to copy a sophisticated sequence of ideas.
- Blocking software - a program that blocks access to certain parts of the Internet deemed objectionable based on predetermined criteria.
- Arguments for censorship claim that blocking software assumes computer-literate parents, and many parents do not and never will meet this standard.
- You can secure pages in several ways.
- Secure Electronic Transaction (SET) - encrypting credit-card-transaction data for safe passage over networks.
- A digital signature method has also been developed to authenticate the identities of buyers and sellers.
Privacy
- As more and more users begin to rely on the web for day-to-day business and personal tasks, the issue of privacy grows in importance.
- Web designers should never quickly dismiss user concerns, as this would go against the very nature of user-centered design.
- Consider users' privacy fears about having their online movements tracked.
- Write a privacy policy that gives an overview of how sensitive information is collected and used.
- Organizations like TRUSTe will help sites create a privacy policy.
- If sensitive or personal information is collected, provide an easily accessible and understandable privacy statement.
Common Site-Protection Methods

| Method | Discussion |
| --- | --- |
| Use and rotate strong passwords | Use longer, difficult-to-guess passwords. Make sure there is a limit to the life of passwords. Consider using hardware-generated passwords. |
| Maintain your OS | Keep operating system software up-to-date by applying all patches and upgrades. |
| Limit access points | Remove services that are not in common use. Limit web servers to only providing web services and consider removing any form of network protocol access to a server except HTTP. |
| Set up a firewall | Configure a firewall so as to limit network traffic. Consider using both packet-filtering and application-protocol limitations. |
| Use strong encryption | When transmitting sensitive data, either via email or HTTP, encrypt the information using the strongest possible ciphers allowed. |
| Use digital certificates | Install digital certificates from organizations like VeriSign so that identity can be verified. |
| Reduce information leakage | Don't freely expose information that a hacker could utilize to figure out a hole to exploit on your system. Don't allow a remote login, or at least modify any prompts returned so that they do not indicate the variant of the software or operating system in use. Modify your HTTP server headers not to reveal the type of web server in use. Don't reveal the type of technology used in programmed web pages, like Perl. Consider using generic file extensions like .cgi instead of language-specific ones like .pl. Avoid exposing information about your network through domain name services. Avoid naming systems in such a way as to reveal their operating system. Modify your WHOIS record not to include personnel information that can be used in social engineering attacks. |
| Employ physical security | Limit physical access to important servers. Destroy sensitive documents, including documents that detail network or server configurations. |
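A self-check for the "Reduce information leakage" row, added here as an example that is not part of the original tutorial: it audits one HTTP response from your own site for server banners and language-specific file extensions. The sample response and the header, product and extension lists are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import urlparse

# Constructed sample response, not captured from any real server.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/1.3.27 (Unix) mod_perl/1.27\r\n"
    "X-Powered-By: PHP/4.3.1\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<a href="/cgi-bin/order.pl">Order</a> <a href="/search.cgi">Search</a>'
)

# Assumed lists for this example; extend them for your own stack.
BANNER_HEADERS = ("Server", "X-Powered-By")
KNOWN_PRODUCTS = ("apache", "iis", "nginx", "php", "perl")
LANGUAGE_EXTENSIONS = {".pl", ".php", ".asp", ".jsp", ".py"}
VERSION_RE = re.compile(r"\d+\.\d+")


def audit_response(raw):
    """Return (kind, detail) findings for one raw HTTP response string."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    findings = []
    for name in BANNER_HEADERS:
        value = headers.get(name.lower(), "")
        if VERSION_RE.search(value):
            findings.append(("version-banner", f"{name}: {value}"))
        elif any(p in value.lower() for p in KNOWN_PRODUCTS):
            findings.append(("product-banner", f"{name}: {value}"))
    # Links whose extension names the implementation language (e.g. .pl).
    for href in re.findall(r'href="([^"]+)"', body):
        ext = posixpath.splitext(urlparse(href).path)[1].lower()
        if ext in LANGUAGE_EXTENSIONS:
            findings.append(("language-extension", href))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_response(SAMPLE_RESPONSE):
        print(f"{kind:20} {detail}")
```

A response with a generic `Server` value and only `.cgi` links produces no findings, which is the state the table row asks for.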
Copyrights Reserved © Web Publishing 2003