Near and far security

If you wanted to prevent Joe Bloggs from attacking John Smith, you would have two choices. You could restrain Joe Bloggs, or you could protect John Smith. In other words, you could apply the security near to John Smith, or far from him. Trying to apply the security halfway would be ineffective - if Joe lived in Southampton and John in Northampton, then no amount of security in the Oxford area (on the direct A34 road between the two towns) would prevent Joe catching the train into London and out again and circumventing all your expensive efforts in Oxford.

I'm reminded of these near and far security issues when looking at Internet, operating system and Web security. System providers have a choice between applying security as tight as possible around each user and offering a minimum of facilities, which is the historic norm, or providing protection at the individual resources, which is the way that it's always been done in the Unix operating system and its variants.

I was looking at our web logs this morning, and I saw some 3000 hits from a .ac.uk domain in the last week; upon further examination, they all came within a half hour period on Friday, with some user running the "wget" utility to copy our website onto his local machine at the rate of 2 pages per second and downloading 43kbytes per second for that whole period. On a lower-specification web site, the effect could have been a denial of service for other potential visitors, but as far as we're concerned it's something to note, to be aware of, and to let go. One of the major purposes of a web site such as ours is to provide information on our products and a service for potential customers, and we take the approach of not vetting everyone before they have access. In any case - I'm inclined to think that this particular download was a result of someone not understanding the wget utility rather than any malicious intent; it's possible that it's someone who's interested in competing with our courses - but, hey, I'm flattered if that's the case ;-)

We work with a network of good friends and contacts who we want to welcome to our site, and we don't want to let incidents like this damage the access for the majority - so we're much more in favour of "far" security rather than "near", but with a few checks and protections in place. The same thing applies to the Opentalk forum and comments here on "The Horse's Mouth" - contributions are encouraged and we prefer not to have to restrict. Various tools we have in place do mean that we're likely to spot any issues, and a further few custom lines of Perl (using command line options and topicalisation) will quickly allow us to extend our analysis tools to look at specific cases. Here's what I wrote a short while back:


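#!/usr/bin/perl -na
# -n loops over every input line; -a autosplits each line on whitespace into @F

# Count requests whose log line mentions the domain of interest
# (dots escaped so they match a literal "." rather than any character)
if (/xx\.ac\.uk/) {
    $amount += $F[9];   # tenth whitespace-separated field: bytes sent
    $lines++;
}

# Runs once, after the last line of the log has been read
END {
    print "$lines accesses totalling $amount bytes\n";
}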


and it tells me


earth-wind-and-fire:~/netlogs grahamellis$ ./sumbytes ac_20040910
3107 accesses totalling 78675086 bytes
earth-wind-and-fire:~/netlogs grahamellis$
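
Going beyond the single-domain total above, here is an added example (not the author's code) that summarises every client in a Common Log Format log by hits, bytes and request rate, and marks sustained bursts. The thresholds, the host names and the sample lines after __DATA__ are constructed assumptions.

```perl
#!/usr/bin/perl
# Added example: per-client burst summary for Common Log Format access logs.
use strict;
use warnings;
use Time::Local qw(timegm);

my %MON = (Jan=>0, Feb=>1, Mar=>2, Apr=>3, May=>4, Jun=>5,
           Jul=>6, Aug=>7, Sep=>8, Oct=>9, Nov=>10, Dec=>11);
my ($MIN_HITS, $MAX_RATE) = (5, 1.0);   # assumed thresholds: hits, requests/second

my %seen;   # client => { hits, bytes, first, last }
while (my $line = <DATA>) {
    # host ident user [dd/Mon/yyyy:hh:mm:ss zone] "request" status bytes
    my ($host, $d, $mon, $y, $h, $m, $s, $sign, $zh, $zm, $bytes) = $line =~
        m{^(\S+) \S+ \S+ \[(\d\d)/(\w{3})/(\d{4}):(\d\d):(\d\d):(\d\d) ([+-])(\d\d)(\d\d)\] "[^"]*" \d{3} (\d+|-)}
        or next;                                  # skip lines that are not CLF
    next unless exists $MON{$mon};
    my $t      = timegm($s, $m, $h, $d, $MON{$mon}, $y);
    my $offset = ($zh * 60 + $zm) * 60;
    $t -= $sign eq '+' ? $offset : -$offset;      # normalise to UTC
    my $c = $seen{$host} //= { hits => 0, bytes => 0, first => $t, last => $t };
    $c->{hits}++;
    $c->{bytes} += $bytes eq '-' ? 0 : $bytes;    # "-" means no body was sent
    $c->{first} = $t if $t < $c->{first};
    $c->{last}  = $t if $t > $c->{last};
}

# Busiest clients first; a client is a BURST only if it is both busy and fast
for my $host (sort { $seen{$b}{hits} <=> $seen{$a}{hits} } keys %seen) {
    my $c    = $seen{$host};
    my $span = ($c->{last} - $c->{first}) || 1;   # avoid dividing by zero
    my $rate = $c->{hits} / $span;
    my $flag = ($c->{hits} >= $MIN_HITS && $rate >= $MAX_RATE) ? 'BURST' : 'ok';
    printf "%-26s %4d hits %8d bytes %5ds %5.2f/s %s\n",
        $host, $c->{hits}, $c->{bytes}, $span, $rate, $flag;
}

__DATA__
lab7.university.example - - [10/Sep/2004:14:02:00 +0100] "GET /index.html HTTP/1.0" 200 21840
lab7.university.example - - [10/Sep/2004:14:02:00 +0100] "GET /course/a.html HTTP/1.0" 200 20112
lab7.university.example - - [10/Sep/2004:14:02:01 +0100] "GET /course/b.html HTTP/1.0" 200 23954
lab7.university.example - - [10/Sep/2004:14:02:01 +0100] "GET /course/c.html HTTP/1.0" 304 -
lab7.university.example - - [10/Sep/2004:14:02:02 +0100] "GET /course/d.html HTTP/1.0" 200 19877
lab7.university.example - - [10/Sep/2004:14:02:02 +0100] "GET /course/e.html HTTP/1.0" 200 22310
visitor.isp.example - - [10/Sep/2004:14:00:10 +0100] "GET /index.html HTTP/1.1" 200 21840
visitor.isp.example - - [10/Sep/2004:14:10:10 +0100] "GET /contact.html HTTP/1.1" 200 5120
```

To run it over a real log instead of the embedded sample, read from `<>` rather than `<DATA>` and pass the log file name on the command line.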





(written 2004-09-12, updated 2008-05-10)

 


This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.


PAGE: http://www.wellho.net/mouth/46_Near- ... urity.html • PAGE BUILT: Sun Oct 11 16:07:41 2020 • BUILD SYSTEM: JelliaJamb