.

Course: MIS (Management Information System)

.Title: Security risks on the Web

.Assignment

1
Contents
Introduction:...............................................................................................3

Types of security risks on the web:............................................................4

First: Modify the content of the web:......................................................4

Second: Disable the functions of the website:........................................4

Third: Misuse of the website...................................................................4

Fourth: Control the internal information systems of the website:...........4

Why web browsers security?.....................................................................6

Risks that threaten the security of browsers and how to protect them:......6

Tools for checking site security..................................................................7

Firewalls.....................................................................................................7

Proxy Service:............................................................................................7

Stateful Inspection:.....................................................................................7

Conclusion and recommendations:............................................................8

References:.................................................................................................9

2
Introduction:
The Internet is a giant network of millions of Internet sites in the world All these sites
use technologies and languages in the programming and design of their own sites.

Web attacks are attacks and security risks designed to exploit the weakness of this
software system (site) either to sabotage it or to steal information or even stop the site.

Internet surfers around the world practice their online activities in the open space of
the Internet and without security restrictions. On the private sector, companies and
institutions that have websites to expose their information on this network are exposed
to Internet and extranets, which expose them to multiple types of risks Commensurate
with the size of the information, the method of its construction, the location of the
broadcast of the headquarters information, and the linkage of the information base to
the internal systems of the establishment and the external systems with the business
partners. And this makes them vulnerable to breakthroughs, damage to the
establishment1.

The reliance on the Internet has become a major communication medium in various
fields of employment, highlighting the importance of focusing on the risks that may
result from that use. There are many risks, some serious and some less serious. These
risks range from virus infections to data and information stored on a computer.
Penetration of websites and tampering with user files.

1
http://www.aleqt.com/2013/02/18/article_732473.html

3
 Types of security risks on the web:

First: Modify the content of the web:

Is one of the simple risks, which are exposed to websites, regardless of the size of the
headquarters of information or the place of transmission of information, or the link
between the headquarters of the internal systems and the content is changed here
through the attacks of some amateur or professional, and through these attacks a
change of some content, which affects In the form of the site and makes it a cause for
ridicule and contempt, as is done by other attacks change some data.

Second: Disable the functions of the website:

One of the general risks that a website can face is that the attacker will take the server
to the server with a stream of messages, attachments and queries flowing in huge
quantities until the site is unable to meet any queries from actual users or the inability
of any user Normal access to the site from the original or slow response from the site
and cause damage that causes disruption of the site service.

Third: Misuse of the website

 Small and medium-sized businesses are exposed to this kind of attack by hackers, e-
scams or professional prosecutions, where the headquarters site is used as a starting
point for offensive actions on another Web site. It is also possible to use corporate
information systems, which does not include appropriate levels of protection to hide
some files, especially in the cases of economic espionage or in banks and sectors of
electronic marketing, through internal elements can hide a file is not allowed to trade
on the headquarters until the exit, To enter the headquarters from the outside and get
the file.

Fourth: Control the internal information systems of the website:

 This is the highest level of risk, and is limited to organizations where their
information headquarters and internal systems are linked. They are therefore the most
influential types of e-commerce. Hackers can access internal enterprise systems,

4
which is like opening the door wide to any entry into internal systems . Access to
internal systems is a real threat to the organization. Those who have access can obtain
internal information about the organization, which may lead to negative results in the
company's business or may sometimes result in the company completely shutting
down. All internal information of the institution. Although there are data reserves,
erasing some data may result in the loss of some important information, which enters
operations without appearing in results, which may not be recoverable.

5
Why web browsers security?
It is difficult to ensure the security of browsers because of the evolution of
technologies used to penetrate the security of browsers at a high speed, making it
difficult to develop browsers in accordance with the risks, and in addition to ensure
the safety of sites visited by users; therefore, the security of browsers is common
between the designers of browsers and users.

The security of browsers is important for many reasons, the most important of which are:

1) Many users are unaware of the threats they face while using a web browser.
2) Many users ignore updates.
3) Use of browsers in many private and confidential transactions.
4) Different locations visited by users, from sites with high confidentiality and
confidentiality.
5) Many users are unaware of the features and functionality of web browsers and how
they are used.
6) Web browser developers give up confidentiality for more browser functionality.
7) Interfacing web browsers with operating systems, increasing the risk to users.
8) Many websites require users to activate certain features that compromise their
devices.

Risks that threaten the security of browsers and how to protect

them:
  The risks faced by browsers can be divided into two types:

 Risks due to gaps or functions in browsers.

 Risks due to user .

6
Tools for checking site security
1 - Google scan tool: a tool provided by Google to examine the website and ensure the
existence of any content is not safe.

2- Scan My Server: An excellent site that scans your site for all vulnerabilities and
sends you a security report on all the gaps.

3-SUCURI: A free and easy to use tool that checks for any malicious code on the
website.

4. SSL Labs: An excellent site that scans HTTPS sites and gives you information
about the SSL certificate and the SSL protocol. It is very important that you check
your site using this tool.

5- Quttera : a good tool to check the website and scan it for any harmful code
available in it.

6. Detectify : This tool performs more than 100 security checks on your site for gaps.

7. site guarding: scans the site for any malicious code.

8. Web Inspector: Another tool that scans for harmful code and malware.

Firewalls
Firewalls are a software program or hardware that filters information coming through
the Web to a private site, and the installations are designed to isolate their own
internal network from the Web to prevent intrusions and intrusion.

Proxy Service:
The firewall itself appoints an agent for the intranet, thus blocking the intranet
addresses and thus sending the data to the firewall address that in turn directs it to its
original destination.

7
Stateful Inspection:
The firewall here checks certain fields of packets, not checking all packet
components, but comparing them to the corresponding fields in the same context.
When it detects that certain packages have not adhered to the context rules, Threatens
the security of the site.

8
Conclusion and recommendations:
There are many preventive measures and steps that protect against the dangers of
hacking the website and breaking the confidentiality and privacy of these websites:

1) Making updates on websites periodically.

2) Use of scanning tools for checking websites.
3) Protection of the site's server.
4) Protect the website during the programming process.
5) Always take a backup of the site.
6) A good Proxy Settings2 .
7) Use antivirus software and firewalls (hardware and software) to secure your
computer and keep it updated.
8) Use programs to detect malicious files as spyware, adware and files controlled
by the Internet browser.
9) Conduct necessary and periodic updates to the operating environment used to
fill security gaps3.
10) Attention to the website and follow-up periodically and on a daily basis and
follow-up events and note if there are any unexpected changes occurred in the site
such as the emergence of pop-ups or something that doubts that it was modified from
the files of the site, and must continue to appear in the search engines and seo SEO
and must Know well that the hacker site is falling back on the search engines and is
late in order, you must take into account all those simple things to keep the site from
penetration disease.
11) Strong password for website:

It is a good idea to make a very strong password for hosting data and the control panel
of the website to prevent penetration, because those who try to penetrate are working
on the exploitation of sites with weak words and the password must be surrounded by
the secret of large and not accessible to everyone and difficult to guess also not Be
vulnerable to theft or leakage to other hackers.

2
https://basicinternetsecurity.org/book/basic-internet-security.pdf
3
http://www.metjar.com/ecommerce/internet_safety_and_security.html

9
References:
1) https://basicinternetsecurity.org/book/basic-internet-security.pdf
2) http://www.aleqt.com/2013/02/18/article_732473.html
3) http://www.metjar.com/ecommerce/internet_safety_and_security.html
4) https://www.tutorialspoint.com/internet_security/internet_security_tutorial.pdf
5) http://www.websiteinsurance.co.uk/what-are-my-website-risks/

10