From an internal perspective, the browser is the most obvious security risk. The objective is to protect the user's computer and local internal network. Much of the insecurity of browsers lies in the possibility of revealing private information about a user, such as an email address, name, or other personal information that might be stored in the browser's configuration. Other risks involve the execution of malicious applets or scripts by the browser. These may be written in Java, JavaScript, VBScript, or ActiveX.
Protecting the user is also important. Security concerns arise because the browser can accept cookies (certain information sent by a server at a particular site, which is stored in a human-readable file), because items are listed in a bookmark file, or because the user accesses a secure section of a local internal network. With cookies and bookmark files these are primarily privacy issues; the other case is one where a user remains "logged in" through a browser and someone takes advantage of the available security clearance. These issues are concerns of workstation security and are beyond the treatment of the briefing or, in the case of cookies, it is now an option for the user whether or not to accept this type of information from a server.
Java Attacks
Java is a language developed at Sun Microsystems and is widely used by WWW applications. The language is a cross between a compiled and an interpreted language, and it can be loaded as an applet (an application running within another, the browser in this case) with appropriate tags in a Web page. The language has some loopholes, however:
JavaScript Attacks
JavaScript is a Netscape creation. It is similar to Java in syntax and structure but is strictly interpreted and is executed by coding the functions directly into a Web page. It also has some security concerns:
Solutions
Most of these concerns are easily remedied on an individual level. The current browser versions from Netscape and Microsoft correct these loopholes. Upgrading may not be quite as simple from a corporate perspective, where multiple machines must be attended to. Updated versions can be downloaded from the vendors' web sites, and licensed packages can later be bought for the entire company. Netscape Communicator costs $80, and it includes upgrades and accessories that may be added to the browser for a limited time by downloading them directly from the Netscape website. Internet Explorer is available for free download from the Microsoft website.
Reviews have found Netscape to be more user friendly, with special add-ons tailored specifically for businesses that want to improve their websites through serious coding. Netscape even offers its own version of servers, which make accessing the web even easier. On the other hand, Internet Explorer is more user friendly and tailored to the individual user. It is meant to be just that, a browser. It features all of the qualities that make Netscape so good with one additional positive characteristic: it's free. Netscape, with added features like mail, news, an internet meeting module, chat, etc., is attractive to a company, however, because it is an all-inclusive communications package allowing for easier application maintenance. This also allows the installation of a single, multi-purpose application rather than many applications that may conflict.
Normally, these companies issue warnings and upgrades as soon as leaks or bugs in their programs are spotted, so it is encouraged to periodically inspect their websites to download the latest version of their browsers. A current version of the browser is the most obvious and easiest solution. A network may also be equipped with a firewall, which we will discuss in the next section, and which has the ability to filter certain types of information entering or exiting a local network. In this case, Java applets can be forbidden to enter the internal network. This solution does not guard against malicious JavaScript code, however. Next stop, the network gateway.
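The gateway filtering described above can be sketched as follows. This is an added example, not part of the original briefing: the function name `filter_response`, the list of MIME types and extensions, and the sample responses are assumptions constructed for illustration. It blocks compiled Java classes and strips `<applet>` tags, and shows why a page with inline JavaScript still passes.

```python
import re

# Markers commonly used to recognise Java applet traffic at a gateway (assumed list).
JAVA_CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of a compiled class file
JAVA_MIME_TYPES = {"application/java", "application/java-vm",
                   "application/x-java-applet", "application/java-archive"}
JAVA_EXTENSIONS = (".class", ".jar")
APPLET_TAG = re.compile(rb"<\s*applet\b.*?(?:<\s*/\s*applet\s*>|$)", re.I | re.S)
PLACEHOLDER = b"<!-- removed by gateway filter -->"


def filter_response(url_path, content_type, body):
    """Hypothetical gateway hook: return (action, body) for one HTTP response."""
    ctype = content_type.split(";")[0].strip().lower()
    if (body.startswith(JAVA_CLASS_MAGIC) or ctype in JAVA_MIME_TYPES
            or url_path.lower().endswith(JAVA_EXTENSIONS)):
        return "block", b""            # applet code never reaches the browser
    if ctype == "text/html":
        cleaned, hits = APPLET_TAG.subn(PLACEHOLDER, body)
        if hits:
            return "rewrite", cleaned  # page delivered without its <applet> tags
    return "pass", body                # inline <script> is ordinary HTML text


# Constructed sample responses (not captured traffic).
CLASS_FILE = JAVA_CLASS_MAGIC + b"\x00\x03\x00\x2d"  # magic + class version 45.3
APPLET_PAGE = (b'<html><body><APPLET CODE="Game.class" WIDTH=100 HEIGHT=100>'
               b"</APPLET><p>hi</p></body></html>")
SCRIPT_PAGE = b'<html><body><script>document.title = "x";</script></body></html>'


def demo():
    """Run the filter over the three constructed responses and return the actions."""
    samples = [("/Game.class", "application/octet-stream", CLASS_FILE),
               ("/index.html", "text/html; charset=iso-8859-1", APPLET_PAGE),
               ("/news.html", "text/html", SCRIPT_PAGE)]
    return [filter_response(*s)[0] for s in samples]


if __name__ == "__main__":
    print(demo())
```

The script page passes untouched because its code is part of the HTML document itself, so a filter keyed on class-file markers has nothing to match.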