Safeguard Network  «Prev  Next»
Lesson 1

Internet Technologies Security

As you know, security is one of the primary concerns of everyone who relies on the Internet or on networked systems in general.
How do you safeguard your network? It is vital for Internet professionals to know computer network security methods and be diligent in implementing and using them. This module discusses the need for security and various security threats to the client, the server, and the client-server connection. You will also learn the differences between a security policy and a security plan. Then, you will find out about security services such as access control and encryption. Rounding it out, you will learn the nature of various suspicious activities and how you can counteract them.
What are the various security threats to the client, the server, and the client-server connection?
In a client-server architecture, security threats can target the client, server, and the connection between them. Here's an overview of various threats:
  1. Client-Side Security Threats: These threats impact the device and software the client uses to access the server.
    • Malware: Trojans, spyware, and viruses can compromise client devices, potentially capturing sensitive data.
    • Phishing Attacks: Users might be tricked into providing sensitive information through fake websites or emails.
    • Cross-Site Scripting (XSS): Malicious scripts injected into a trusted website can be executed on the client’s browser.
    • Session Hijacking: Attackers can steal or impersonate a user’s session by capturing session tokens.
    • Weak Authentication: If clients use weak passwords or multi-factor authentication is not enforced, attackers can easily gain access.
  2. Server-Side Security Threats: These threats target the server hosting the service and its data.
    • Denial of Service (DoS)/Distributed Denial of Service (DDoS): Attackers overwhelm the server with excessive requests, causing it to crash or become unavailable.
    • SQL Injection: Malicious SQL queries are injected into input fields, allowing attackers to manipulate or retrieve sensitive database information.
    • Server Misconfiguration: Incorrectly configured servers can expose vulnerabilities that attackers exploit to gain unauthorized access.
    • Insecure APIs: Exposed or poorly secured APIs can provide attackers with a backdoor into the server.
    • Brute Force Attacks: Attackers can use automated tools to guess usernames and passwords, gaining access to the server.
    • Ransomware: Malicious software can lock down server data, demanding payment to restore access.
  3. Client-Server Connection Security Threats: The communication between the client and server can be targeted, especially if it’s not properly encrypted.
    • Man-in-the-Middle (MITM) Attack: Attackers intercept and potentially alter the communication between the client and server, gaining access to sensitive information.
    • Replay Attacks: An attacker intercepts and retransmits valid communication data, potentially allowing unauthorized access by replaying valid requests.
    • Data Interception: If data is transmitted in plaintext (unencrypted), attackers can capture and read sensitive information.
    • SSL/TLS Attacks: Exploiting vulnerabilities in SSL/TLS protocols (such as downgrading to a weak encryption standard) to compromise data security.

Best Practices for Mitigation:
  • Client-Side: Use strong authentication methods, enforce multi-factor authentication, install anti-virus/malware software, and keep browsers and software updated.
  • Server-Side: Secure APIs, use firewalls, apply regular security patches, encrypt sensitive data at rest, and harden server configurations.
  • Connection Security: Use strong encryption protocols like TLS for data transmission, implement strict SSL configurations, and ensure certificate validity.

Need for Security

No matter how large or small your company is, you need to have a plan to ensure the security of your information assets. Such a plan is called a security program by information security professionals. Whether yours is seven or 203 pages long, the process of creating a security program will make you think about the security of your organization. A security program provides the framework for keeping your company at a desired security level by
  1. assessing the risks you face,
  2. deciding how you will mitigate them, and
  3. planning for how you keep the program and your security practices up to date.

Value of Company Data

The key asset that a security program helps to protect is your data and the value of your business is in its data. You already know this if your company is one of many whose data management is dictated by governmental and other regulations. For example, how you manage customer credit card data. If your data management practices are not already covered by regulations, consider the value of the following:
  1. Product information, including
  2. designs, plans,
  3. patent applications,
  4. source code, and drawings
  5. Financial information,
including market assessments and the financial records of your company.
By the end of this module, you will be able to:
  1. Explain the need for security
  2. Identify the characteristics of a good security plan
  3. Explain the basic methods used to keep connections to the Internet secure
  4. Describe the differences between the security needs for the Internet, intranets, and extranets
  5. Describe the various types of attacks that an Internet server is vulnerable to
  6. Describe the various types of technologies to counteract server attacks
In the next lesson, you will learn about the need for network security.

SEMrush Software 1 SEMrush Banner 1