But think about the ideal secure system; If there was a room, that you needed to protect the contents of, the easiest way to achieve this would be to not put any doors or windows in that room. OK, you wouldn’t be able to access any of your stuff, but catastrophic events notwithstanding, you could least be sure that the stuff would be untouched for as long as you needed it be!
Think of your website as a room with protected stuff in. You have a window, so that visitors to your site can see your content, you also have a door, so you can get in there and move things around, and add additional stuff if you want to.
Now imagine someone who walks past your “room” looks in the window and see’s something they would like to get their hands on (a list of users credit card details for example) Now if you want to get into a room, what’s the first thing you try and do? Open the door? and that’s exactly what a hacker will try!
If your administration section is open to everyone, then the hacker will see “the door” and rattle the door knob to see how secure it is. They might try a couple of tricks to try and get the door open. In this example, lets pretend the hacker has a bunch of keys that are common keys that people use to protect their doors. He could try each one to see if you have used the same key as one he has in his bunch. Depending on how strong your key (read password) is, then he may or may not be successful!
So how can we make this scenario more secure, without preventing authorised access to the administration section? Simple, we only show the door to the people we want to allow access to! The principle is simple:
Discussion
No comments yet.