Security

Background

Information security has taken a high profile in recent years, and rightly so, as it has a bearing on all of us. This website is intended to provide a guide for IT professionals to understand the key issues around security, and it is hoped to be useful to a wider audience. It also aims to provide particular detail to anyone involved in developing and operating web applications.


Hotspots

Some of the main hotspots in information security:

Desktop Security
Keeping a workstation secure is a major challenge when it is used to browse the Internet, open documents sent by email, and do all the other day-to-day things that make a computer useful. At present, this activity carries a high risk of compromise; determined attackers are generally able to compromise desktops. This is very much a front line in the security battle.

Bulk Data Theft
Many organisations handle people's personal data in bulk, and it can be stolen by malicious employees, leaked by accident, or disclosed through hacking attacks. The ability of criminals to use this data for fraud and identity theft makes it a common target.

Web Applications
Security on the web is relatively immature, and not widely embedded in development processes. With so many teams building web applications, and these performing critical functions such as online banking, web applications are a major avenue of attack.

Network Security
Traditionally this was the front line of security, but in recent years, network software (such as email servers) has greatly improved in security, and defences like firewalls are widely deployed. As such, network attacks like worms are much rarer.

There are many others, such as denial-of-service (DoS) attacks, voice over IP (VoIP) and telephony attacks, and social engineering. This site may be extended in the future.

Techniques

Here are some general techniques for thinking about security:

Components, Interfaces and Security Boundaries

Security objectives

High level:
  Ultra secure - compromise cost & convenience
  Highly secure - cost no object, but needs to be convenient
  Good security
  Stop common attacks [is this a viable level?]
  Security not important

Threat profile:
  Keep outsiders out
  Restrict people to accessing their own stuff
  App-specific requirements: areas people can access; a can request, b must approve

© 1998 - 2008 Paul Johnston, distributed under the BSD License. Updated: 21 Feb 2008