Web Server Security Policies and Procedures

Most businesses, governments, and organizations have external Web sites describing their purpose and structure, and often provide the opportunity for public interaction. E-commerce on the Internet is not something that only large businesses can afford to do. It can be a profitable operation for every "Mom and Pop" enterprise as well. For security reasons, Internet Web servers are usually positioned inside the packet-screening firewall that faces the Internet and inside the firewalls that protect precious interior networks. Such architecture has a good security track record if implemented correctly, and is called the demilitarized zone (DMZ).

Organizations may also choose to develop and deploy intranet Web sites for employee use. In these cases, the Web servers are located inside the interior network, as these systems are not intended for outside eyes. Regardless of the organization's size and whether it has Internet or intranet Web sites, considerable amounts of money and resources are spent in the development of a suitable Web site that is informative yet practical. In a very real sense, the company's Web site reflects the organization's branding, image, and business reputation.

The development, maintenance, management, and administration of the company's Internet Web site is usually assigned to a team of experts within the enterprise or outsourced. It is possible a director of online marketing development is responsible for identifying and implementing new online business development opportunities while the company's Webmaster takes charge of the site's technical excellence, content development, management, and security. On the part of the Webmaster, there is a development team responsible for site design, coding, graphics, and business features such as shopping carts.

Internal company Web sites are generally used for posting information relevant to employees. Birthdays, presentations, corporate calendars, directories, organizational charts, and project information are often posted. Project management information posted to an internal network can provide a central reference point for the project team and senior managers with project oversight. Internal Web sites do not have the same visibility as Internet Web sites, but they have the same need to be managed through specific policies and procedures.

0 comments:

Popular Posts