Tuesday, March 1, 2011

Facts to Myths of Application Security

Myth 1: We have firewalls in place.

The fact is.
- Ports 80 and 443 have to be open for the web server to do its job, so the firewall passes that traffic straight through and the web server sits effectively outside the external perimeter defenses.
- Vulnerabilities in the web server software or in the web applications may give access to internal network resources.

Myth 2: We encrypt our data.

The fact is.
- It is not clear which encryption methodology will actually protect the data.
- If an attacker comes to know the encryption techniques the developers used, there are several tools on the market that can decrypt the encrypted data.

Myth 3: We have a privacy policy.

The fact is.
- There is no foolproof privacy policy to date. A policy is a theoretical document, and it is difficult to enforce programmatically at run time.

Myth 4: The IDS (Intrusion Detection System) protects my web server and database.

The fact is.
- The IDS is configured only to detect the signatures of various well-known attacks.
- Attack signatures do not cover attacks against custom applications. An IDS (for example Snort) uses deep packet inspection to look at the payload of packets entering the network; by matching signatures (blacklists), known malicious payloads can be blocked before they enter the network.
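The gap described above, as an added illustration that is not part of the original post: a tiny signature-based inspector in the spirit of a blacklist IDS, run over constructed HTTP request payloads. The signature patterns, the sample traffic, the session-to-account table and the function names are all assumptions made for this example, not real Snort rules. The blacklist flags two well-known attack shapes but has no way to notice a request that is syntactically harmless and only wrong because of the custom application's own authorization rules; only a check inside the application has that context.

```python
import re
from typing import Optional

# Constructed, illustrative blacklist in the spirit of a signature-based IDS.
# These are simplified stand-ins for real rules, not actual Snort signatures.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "known-scanner-user-agent": re.compile(
        r"^User-Agent:.*\bNikto\b", re.IGNORECASE | re.MULTILINE
    ),
}


def ids_inspect(payload: str) -> Optional[str]:
    """Deep-packet-inspection stand-in: return the name of the first
    signature found in the payload, or None when nothing on the blacklist
    matches. The IDS knows nothing about what the application considers
    a valid request."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(payload):
            return name
    return None


# Constructed application-side context: which session owns which account.
# Only the custom application has this knowledge; the IDS never does.
SESSION_OWNER = {"sess-alice": "1001", "sess-bob": "1002"}

ACCOUNT_PARAM = re.compile(r"[?&]account_id=(\d+)")
COOKIE_SESSION = re.compile(r"^Cookie:.*\bsession=([\w-]+)", re.MULTILINE)


def app_authorizes(payload: str) -> bool:
    """Application-layer check: a session may only read the account it owns.
    Requests that carry no account_id are outside the scope of this check."""
    wanted = ACCOUNT_PARAM.search(payload)
    if not wanted:
        return True
    session = COOKIE_SESSION.search(payload)
    if not session:
        return False
    return SESSION_OWNER.get(session.group(1)) == wanted.group(1)


# Constructed sample requests, as an IDS would see them after inspecting the
# payload: one benign, two matching well-known signatures, and one that is a
# custom-application authorization problem invisible to any signature.
SAMPLE_TRAFFIC = [
    "GET /account/statement?account_id=1001 HTTP/1.1\r\nHost: example.test\r\n"
    "Cookie: session=sess-alice\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    "GET /download?file=../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n"
    "User-Agent: Mozilla/5.0\r\n\r\n",
    "GET /cgi-bin/ HTTP/1.1\r\nHost: example.test\r\n"
    "User-Agent: Mozilla/5.00 (Nikto/2.1.5)\r\n\r\n",
    "GET /account/statement?account_id=1002 HTTP/1.1\r\nHost: example.test\r\n"
    "Cookie: session=sess-alice\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
]


def classify(payloads):
    """Return (ids_verdict, app_verdict) per payload so the two layers can be
    compared side by side."""
    return [(ids_inspect(p), app_authorizes(p)) for p in payloads]


if __name__ == "__main__":
    for payload, (sig, ok) in zip(SAMPLE_TRAFFIC, classify(SAMPLE_TRAFFIC)):
        first_line = payload.split("\r\n", 1)[0]
        print(f"{first_line:55} IDS={sig!s:26} app_allows={ok}")
```

The last request is the one the page warns about: alice's session asking for bob's account. No blacklist entry matches it, so the IDS reports nothing, while the application's own ownership check rejects it. In a real deployment the signature engine stays useful for the known-bad noise; the custom application still has to carry its own authorization and input validation.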

Myth 5: SSL secures my site.

The fact is.
- SSL secures the transport of data between the web server and the user's browser.
- SSL does not protect against attacks on the server and the applications.
- SSL is the hacker's best friend because of the false sense of security it creates.

Myth 6: My application is internal.

The fact is.
- Threats do not apply only to external applications; they apply to internal applications as well. Several published reports have shown that the security risk to an application is greater internally than externally. Take our own internal application as an example: any employee knows it far better than an external user does, and it is not difficult for an internal user to abuse it and view other people's internal data.

Insider driven fraud costs US enterprises over $600 billion annually.
