When you set up your Web site and the network infrastructure to support that site, you must take steps to protect your network from intentional and unintentional threats that might compromise your resources. The process of planning your Web site should include a comprehensive security policy that effectively weighs the value of the data against the costs of securing that data. However, as you make your system more secure, you’re also making that system less usable. You shouldn’t make your site so secure that your intended users can’t access your services. At the same time, you shouldn’t make it so accessible that critical resources are compromised. Planning your site’s security must take into account how users will be authenticated so that only intended users can access the site, how users will be authorized so that they can gain access to only specific site resources, and whether you’ll use encryption to protect data as it’s being transmitted across the Internet. A security strategy must also take into account whether you’ll use firewall services to further protect network resources. This chapter addresses each of these considerations in order to provide you with a comprehensive approach to planning an effective security strategy for your Web site.
To complete the lessons in this chapter, you must have