Site Security Planning

Authorization

You will need to change your authorization (or access-control) policies and procedures in order to meet the new challenges of doing business over the Internet. Employees, customers, and business partners will need access to resources at your site, which probably includes executable content. Recent surveys show that up to 25 percent of successful intrusions into business intranets are perpetrated by employees and users who have no legitimate need for access to the areas they entered. They gain access to these resources mainly through faulty authorization schemes. Both policies and procedures are often inadequate to protect system resources from unwanted intrusion.

Your site will be vulnerable to intrusion from destructive unauthorized users and thieves entering it from the Internet, if your access-control scheme does not protect your resourcessuch as scripts in ASP pagesfrom read access by outsiders.