By Osvaldo Callegari
Protection for business information
When a company sells a product, whether it is called an operating system, management system, etc., it offers it as a finished product that is not really such.
Why do we say this? There is an elegant way to promote what we acquire, the application needs to incorporate an improvement to increase security, in short a patch. Now, the question is is a security patch or modifications is not somehow a complete sign that the system is not complete?
On the other hand, there is the manifesto that is included with the paranoia buystrap, where we accept the rules of the game. This is quite misrepresented. Now companies learned to do their homework, because they are looking for other companies that provide certification services that endorse these products, as we commonly say "before leaving the oven". We can mention two companies that are certifying with very good response in the market, they are West Coastal Labs and Inteliguardians LLC. In the future, new providers of this service will emerge because it is a demand demanded by new technologies.
That is why we see how certain companies apply certain products to be at the forefront or anticipate the challenges of the vulnerabilities of their systems.
The Great Highway: Internet
Today the transport of information goes along a very wide road that is the Internet, of course until recently we said that it was not entirely stable, but with the incorporation of voice services as a strong product that lowers the costs of companies, necessarily the feedback of the Internet is becoming solid through new demands of communication n.
To do this, by way of introduction, we expanded the operation of communications on the web and the ways to apply security to them. As a corollary we add a case study of a company that develops software for data access.
Challenges that arise in the use of web communications
As is known, communications on the web has many benefits, but at the same time they carry certain challenges such as:
•Limited interaction: interaction on a web page is limited because it cannot communicate with the server in real time, except when it is sent by the user. For example: if a program needs to update a list field, it needs the refresh of the entire page to reach a certain field.
•Need for programming expertise: the web and its communication is still quite unknown to old-wave programmers, who were busy developing client server services, standard applications or programming on multi-core computers (mainframes); therefore they are not yet familiar with these new technologies, their scalability and portability.
• Security risks: the use of the web presents new security risks to your company's network as well as vulnerabilities when programming, since private and own data can be publicly exposed.
•Browser compatibility: Unfortunately, competition between browsers results in several differences in supporting standards, creating confusion among users, in addition to the vital importance of compatibility errors with web applications. It is advisable to check each application with different browsers. A very useful tool is NetMechanic browser, if you can download it from www.netmechanic.com/browser-index.htm
• Weaknesses of web tools: the development of web applications entails the consumption of a lot of programming time due to the absence of moderately solid or stable web tools; the existing ones require extensive knowledge and experience to be able to apply them: and the most recent ones facilitate the creation of web applications. We can cite macromedia Dreamweaver MX, Microsoft Visual Studio.NET and Codecharge YesSoftware as more robust platforms.
•Web application architecture: In general, web applications use the client/server architecture, where browsers act as thin client in a two-layer process.
•Application servers: An application server is the middle layer in the three-degree architecture or tiers. The servers process the business logic themselves and generate communication between the browser and the database.
•Web services: web services are programs that do not take information on the screen or on the web server; instead they send the output to other programs in the XML format. They do not receive the data entered by users from the keyboard, but they read the information sent to them by other services. Web services allow programs to exchange information over the Internet and run remote applications as part of a local system software.· •Cookies: Cookies are small data sent by a program to the browser and stored on the local computer to be retrieved later.
•Session variables: Session variables are similar to common local variables, which in turn are used to store information that can be retrieved by other pages during the course of a user session. Within them is stored the ID of the person who entered and other auxiliary data.
•Application variables: application variables are available on all pages of a web application, they can be accessed by all users who are not in the current session precisely. All of these variables are initialized when the server is restarted.
The GET and POST methods
When you create web pages that contain fields with data entry, the fields appear among the following marks that create a form: <form> and
The first method causes the information entered in the form to be sent to the server when the user clicks on a submit button. The POST method generates that the information sent travels in a data stream invisible to the user. With the GET method, a new page is generated in the default browser with the requested parameters followed by a question mark and each parameter separated by the ampersand & sign.
For example, if a form asks a user to enter first and last name after submitting the form, the user is redirected a new page to a link like this: http://www.misitio.com/pagina1.asp?nombre=James&Apellido=BondEstos commands can be generated manually by entering the link to the browser where additional information exists. The server program that is currently running will only accept information in the original format of the data and content it uses.
Use a firewall to secure access to the Internet.
Computers that publish their data over the Internet are exposed to various security risks such as hackers or virus infections. Because of these risks, we recommend that you use a firewall to filter out unwanted external requirements.
The firewall must be configured to meet a specific criteria and filter all incoming and outgoing traffic, and in turn have a port policy. Many firewalls work as routers and or proximity servers, allowing with a single device to give Internet connectivity to all computers. Due to security risks, firewalls have grown exponentially.
Advanced Security Configuration Tables
These tables allow you to extend security settings within applications. The example we show is from YesSoftware's CodeCharge programming environment.
We saw examples of applications, languages, and how security is applied through encryption. This is a fairly extensive topic to discuss in an article, but as always it is our theme to bring the reader brushstrokes of technologies to allow him to at least obtain primary concepts.
As a corollary we can say that it is important to see the certifications of the products and what verifications they have made, this speaks of the fact that we are using a safe product.
The product brands, names, functions mentioned are registered by their respective companies.
*For queries, comments and / or concerns you can write to the email [email protected]
