Securing Web Presence

Having a website on the internet is so easy and affordable these days that most businesses in the world have their own websites. This increases their reach to more potential customers. Some people run their business completely online without any local presence. But opening a website is not the end of it. One must make it secure to take real advantage of this platform. Malicious people can attack the site and damage it, which can have a negative impact on the business or whatever the purpose of that site is. So, securing a website is the most important process in the website lifecycle. It is usually a continuous process, but many things have to be considered during development and deployment. There are usually three main objectives in securing one’s web presence: confidentiality, integrity and availability. These are the three main topics that must be covered in securing the web presence.

Confidentiality:

Confidentiality means that the information, in this case the website’s sensitive content, is accessible only to authorized users. For example, information about a customer’s credit card and other personal information must be accessible to that customer only. No unauthorized person should be able to obtain that information by any means. Failing to maintain confidentiality means that some unauthorized person who shouldn’t have access to the sensitive content has managed to get it. This is called a data breach, and it usually cannot be undone: once someone has that information, there is no way to take it back from them. This information is usually used for malicious purposes or sold on the black market, where it is in turn used for malicious purposes by many people. This is a huge thing for customers of the site, who put their faith in the company to secure their personal information. Incidents like this really degrade the reputation of that business or whatever niche that website has. Confidentiality is maintained by allowing only authorized users to access sensitive information. In my comp424 class we did a lot of exercises that dealt with confidentiality. My partner and I would generate a public and private key. If my partner gave me his private key I would be able to encrypt the messages, but if for whatever reason he gave me a wrong key I would not be able to read the message. A lot of companies would make their keys public so the good hackers can hack their site or servers and tell the company that their site has potential breaches and give them tips on how to make their information more secure. But the downside to this is that it leaves the company prone to getting hacked by the bad hackers who just want to commit malicious acts.

Integrity:

Data integrity and data security are different terms. Data security is the protection of data. Data integrity means that the information is authentic. It ensures that the information going from or to the website is genuine and not altered by anyone, either deliberately or accidentally. This is a major security issue and can affect a business very badly. For example, a malicious person exploits a flaw in a website’s structure, changes the prices of the things he can buy to very low or even nothing at all, and buys everything without paying. This can impact the business financially. Another common attack is redirecting the user to another site which looks like the original one but steals the user’s information. It’s a direct violation of the integrity of that website. Integrity in a website can be achieved by checking outgoing and incoming information properly, but attacks like redirecting users at the network level cannot be stopped from the website side. Integrity is maintained by making sure the information coming from or to the website is authentic and not tampered with. It is important to maintain data integrity because businesses are constantly making data-driven business decisions, and data without integrity can have a detrimental effect on the company’s bottom-line goals. Data integrity can be compromised through human error or malicious acts. Data that is being transferred from one device to a different one has a chance of being destroyed or changed. When I took comp424 I learned that there were a lot of attacks that caused a lot of harm for our military when an organization changed some data to trick a team into thinking the delivery would be in one location instead of another. This caused the soldiers to die from starvation and lack of resources. These sorts of attacks can be very detrimental because it can be hard to tell if the device got hacked. All the hacker has to do is change some information or alter some coordinates and it can cause a huge disruption.
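
One way to detect the price tampering described above, as an added example rather than code from the original post: the server signs the cart with HMAC-SHA256 and re-verifies it at checkout. The key, catalogue and SKU names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment loads this from a secret store.
SERVER_KEY = b"demo-key-constructed-for-this-example"

# Hypothetical server-side catalogue: the authoritative prices, in cents.
CATALOGUE = {"sku-100": 2499, "sku-200": 1050}


def sign_cart(items: dict[str, int]) -> dict:
    """Build a cart from server-side prices and attach an HMAC-SHA256 tag."""
    lines = [{"sku": s, "qty": q, "price": CATALOGUE[s]} for s, q in sorted(items.items())]
    body = json.dumps(lines, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_cart(cart: dict) -> int:
    """Return the total in cents, or raise ValueError if the cart was altered."""
    expected = hmac.new(SERVER_KEY, cart["body"].encode(), hashlib.sha256).hexdigest()
    # compare_digest runs in constant time, so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(expected, cart.get("tag", "")):
        raise ValueError("cart integrity check failed")
    lines = json.loads(cart["body"])
    for line in lines:
        # Defence in depth: re-check against the catalogue and reject bad quantities.
        if CATALOGUE.get(line["sku"]) != line["price"] or line["qty"] < 1:
            raise ValueError("cart does not match catalogue")
    return sum(line["price"] * line["qty"] for line in lines)


def demo() -> tuple[int, bool]:
    """Verify an honest cart, then a copy whose price was rewritten client-side."""
    cart = sign_cart({"sku-100": 2, "sku-200": 1})
    total = verify_cart(cart)
    # Constructed tampering: the price in the body is changed, the tag is not.
    forged = dict(cart, body=cart["body"].replace("2499", "1"))
    try:
        verify_cart(forged)
        rejected = False
    except ValueError:
        rejected = True
    return total, rejected
```

The tag only proves the cart came from the server unchanged; the catalogue re-check is what keeps a stale or replayed cart from carrying an old price.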

Availability:

Availability means that the information on the website is available and accessible to the authorized user at any time. This means the website must be online and serving its information to its users. Not being able to access information at a critical time can be life-threatening on some systems. Even if it’s not life-threatening, it can cause huge losses in many businesses. To prevent these problems, the website should have backup power and connectivity systems, and techniques to prevent attackers from executing attacks like Denial of Service. In these types of attacks, the attackers try to bring down the server or make it so busy that it cannot process more requests. Availability is maintained by making sure the website is up and running at all times. Another way to prevent an attack is to have a plan for when such a breach occurs. Maintaining data availability should be one of the biggest priorities in a company’s recovery plan. This should contain a recovery point objective and a recovery time objective, which help determine what data needs to be restored and when it must be accessible in order for operations to resume after a disruption. If for whatever reason data gets interrupted or stolen, there should be a backup stored locally so that you can retrieve the data if it gets lost.
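
One technique against the request floods described above is a per-client token bucket, shown here as an added example that is not part of the original post. The rate, burst size and client addresses (documentation ranges) are constructed for illustration.

```python
import time


class TokenBucket:
    """Per-client token bucket: `rate` requests/second, bursts up to `burst`."""

    def __init__(self, rate: float, burst: int, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.state = {}  # client id -> (tokens left, time of last request)

    def allow(self, client: str) -> bool:
        now = self.clock()
        tokens, last = self.state.get(client, (float(self.burst), now))
        # Refill in proportion to elapsed time, capped at the burst size.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self.state[client] = (tokens - 1, now)
            return True
        self.state[client] = (tokens, now)
        return False


def simulate(requests, rate=1.0, burst=5):
    """Replay (timestamp, client) pairs; return the accepted count per client."""
    t = [0.0]  # simulated clock, so the replay does not depend on wall time
    bucket = TokenBucket(rate, burst, clock=lambda: t[0])
    accepted = {}
    for ts, client in requests:
        t[0] = ts
        if bucket.allow(client):
            accepted[client] = accepted.get(client, 0) + 1
    return accepted


# Constructed traffic: one client sends 100 requests within one second,
# another sends one request per second for ten seconds.
FLOOD = [(i / 100, "203.0.113.9") for i in range(100)]
NORMAL = [(float(i), "198.51.100.7") for i in range(10)]

if __name__ == "__main__":
    print(simulate(sorted(FLOOD + NORMAL)))
```

The flooding client is cut off after its initial burst while the steady client is never refused, which is the property that keeps the server free to process legitimate requests.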

This was a great course and I really enjoyed it. Thanks for offering this course; I think it will help many students in computer science.

Google Analytics Integration

I signed up for Google Analytics with my Google account at analytics.google.com. After going through the signup process, in which I used my website address, I had my Google Analytics account ready with my unique tracking ID. This tracking ID is used to uniquely identify my analytics account and track everything to it. I used this tracking ID later in the Google Analytics Dashboard Plugin for WordPress by MonsterInsights.

I then installed Google Analytics Dashboard Plugin for WordPress by MonsterInsights. This plugin has a nice wizard to set it up. I used that launch wizard to verify its settings and connect my Google Analytics account with it.

This plugin by MonsterInsights took my unique tracking ID and implemented it on every page of my site, along with its very own advanced click monitoring and file download monitoring.

I used this guide to install, set up and learn everything about the plugin by MonsterInsights. This guide has been really helpful in understanding Google Analytics.

I can see the analytics in my Google Analytics account, but with this plugin by MonsterInsights I can also see all the analytics in my WordPress dashboard.

LinkedIn Integration

I used WP LinkedIn Auto Publish to link my personal account to my WordPress blog. It’s a simple yet effective plugin, as it allows posting to personal LinkedIn accounts, so I didn’t have to worry about having a company account and creating applications on that account. All I had to do was authorize the plugin to post on my LinkedIn. After that, my account was connected to WordPress and I can publish any post I make here to LinkedIn.

After I write my posts, they get automatically posted to my LinkedIn account. For posts I created before installing this plugin, in the posts section, I can simply click on the Share now link on the corresponding post, which publishes that post on my LinkedIn account. Only the link to the post is shared, with its title, so users can click on the link and land on my post. Below is the screenshot of how I can click on the Share now button if it’s not already shared, and it gets shared.

This is a really nice plugin as it doesn’t need my LinkedIn account to be a developer account. It’s because the plugin I installed has their app registered with LinkedIn and I’m just giving that app the permission to post to my LinkedIn account. It’s risky but helps avoid the hassle of getting a LinkedIn account which can normally be used, which by the way should be the method used in a production environment.

Twitter Integration

For deliverable 2 I had to make a Twitter account and integrate it with my website using a WordPress plugin (WP to Twitter). After creating my Twitter account I had to apply for a Twitter Developer account. The application was straightforward, but it took Twitter two days to respond with an email asking for more information. I provided Twitter with more information about why I needed the API and I was approved an hour later. Then I went to the WP to Twitter plugin settings and entered my API public key, API secret key, access token, and secret access token. Once I did that, my website was finally connected to my Twitter account. I had to go to the WP to Twitter plugin settings and allow my posts and pages that are posted to be tweeted. Overall everything was pretty simple and fun to do. The only hurdle I had to go through was applying for the developer account and waiting to be approved.

Alone Time and Leisure Time

Striving for Digital Minimalism: Why We Need a Human-Centric Approach to Technology

Is technology helping us to move forward and advance, or is it slowing us down because we are losing focus and becoming more and more distracted? Technology has allowed people to free up more time to dedicate towards what is meaningful to them instead of spending time on the repetitive and mundane. But do the “meaningful” tasks create more time for our own addictions? Our culture has developed new terms where anxiety without technology now exists. It has turned into a physical and chemical addiction crisis across America. Technology is supposed to serve humans, not the other way around. When we can’t function properly until we have spent x amount of time on x social media site, we now have another epidemic humans are facing. How we invest our time and what we invest our time in is becoming more and more valuable. With our time being freed up due to technology, more and more is expected of us, which leads us to be more tired and more exhausted. With technology, people have to become more aware and purposeful about what they are using the technology for. In the end, it comes down to goals. Is the function of the technology helping you reach your goal, or are you aimlessly on a pathway leading you to an unknown destination that can have devastating effects on your life? It also comes down to making good decisions. How much time are you designating to technology and is it worth your time? More reflection and more meditation are needed for self-awareness to see if the way you use technology is most effective and efficient for you.