Essential Steps to Web Security
A Clearswift Best-Practice Guide
Introduction
Web 2.0 brings Threat 2.0.
The web is changing fast from a one-way medium for 'brochure-ware' to a highly interactive, sophisticated and increasingly mission-critical platform.
The new, 'Web 2.0' applications - from social networking to tagging, blogging and presence-aware services like IM - reflect the new web-enabled relationships forming between individuals and enterprises.
But each new development of the web brings with it a new species of parasite. Spyware, adware, keyloggers, blogspam and IM viruses seem to sprout up within days of any new trend.
Clearly, it's never been more important to protect your enterprise from the hazards of uninhibited browsing.
This short guide summarizes ten steps to web security. Do them all, and you'll be better protected than 98% of enterprises out there. But the target never stands still. More than the steps listed here, it's important to focus on the principles behind the steps, including: policy, vigilance, simplification, automation and transparency.
Putting these principles into action starts with the steps listed here. But it can never end there.
At Clearswift, we invest massive resources into staying on top of every emerging Internet-borne threat. Keep in touch and we'll keep you up to date.
Step 1
Policy, policy and policy.
All web security must start with policy.
Policy focuses your attention - on the things you need to stop and the things you're happy to allow
Policy drives up compliance - when everyone understands what's unacceptable, responsible web use becomes the norm
Policy enforces fairness - by making the rules clear to all
Policy facilitates prosecution - of the guilty and defense against regulations demanding due diligence
It's not difficult: create a sensible policy; make sure everyone understands and agrees with it; and enforce it with technology at every gateway.
MIMEsweeper web security products enforce your web security policy by filtering all web traffic in both directions. Any traffic that breaches policy is automatically blocked and a report or alert is generated.
Step 2
Now fine tune the policy.
When it comes to policy, one size does not fit all. Your policy should reflect the way you do business. A music company may allow all MP3 files while an engineering department may need to upload and download CAD files.
For most companies, these basic web rules are fairly fundamental:
Block viruses
Prevent and log spyware call-home activity
Disable executables
Only allow ActiveX from trusted sites
Forbid intolerant content (e.g. racial, sexual or religious discrimination)
Prevent access to inappropriate sites (e.g. porn and gambling sites)
Inhibit loss of confidential or sensitive data
After this kind of thing, policy becomes highly tailored. You may want to allow certain departments or individuals specific privileges while denying them to the rest of the organization.
Or you may want to set times of day when certain activities are allowed (e.g. web shopping during lunch breaks). Or identify specific files that must never be uploaded or sent out through webmail.
The point is this: your policy should dictate your technology, not the other way around. If your filtering tools don't let you do what you want to do, find better tools.
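The layering described in this step, as an added example (not Clearswift code or MIMEsweeper configuration): baseline rules are evaluated before the tailored department and time-of-day rules, so an exception can never override them, and every verdict carries the rule name for the report. The department names, categories, extensions, lunch window and default-allow fallback are assumptions.

```python
from dataclasses import dataclass
from datetime import time

EXECUTABLES = {"exe", "dll", "scr"}    # assumed extension list
CAD = {"dwg", "dxf"}                   # assumed CAD extensions
BLOCKED_SITES = {"porn", "gambling"}   # site categories named in the guide
LUNCH = (time(12, 0), time(13, 0))     # assumed window, end exclusive

@dataclass(frozen=True)
class Request:
    dept: str                   # requester's department
    direction: str              # "upload" or "download"
    category: str               # URL category assigned by the filter
    ext: str                    # file extension, lower case, no dot
    when: time                  # local time of the request
    confidential: bool = False  # content matched a sensitive-data rule

def in_lunch(r):
    return LUNCH[0] <= r.when < LUNCH[1]

# First match wins. Baseline blocks come first; tailored rules follow,
# each "allow" paired with the "block" that covers everyone else.
RULES = [
    ("confidential-upload", "block", lambda r: r.direction == "upload" and r.confidential),
    ("inappropriate-site", "block", lambda r: r.category in BLOCKED_SITES),
    ("executable", "block", lambda r: r.ext in EXECUTABLES),
    ("cad-engineering", "allow", lambda r: r.ext in CAD and r.dept == "engineering"),
    ("cad-other-depts", "block", lambda r: r.ext in CAD),
    ("shopping-lunch", "allow", lambda r: r.category == "shopping" and in_lunch(r)),
    ("shopping-off-hours", "block", lambda r: r.category == "shopping"),
]

def decide(r):
    """Return (verdict, rule_name) so each decision can be reported."""
    for name, verdict, matches in RULES:
        if matches(r):
            return verdict, name
    return "allow", "default"  # assumed fallback for unmatched traffic

if __name__ == "__main__":
    # Constructed sample requests.
    for s in (Request("engineering", "upload", "business", "dwg", time(10, 0)),
              Request("engineering", "upload", "business", "dwg", time(10, 0), True),
              Request("sales", "download", "shopping", "html", time(13, 0))):
        print(decide(s), s)
```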
MIMEsweeper offers the most granular policy management in the industry. We pioneered policy-based content security and still lead the way.
Step 3
Attack spyware from multiple angles.
Spyware is one of the more insidious (and annoying) web hazards. Fight it from three directions:
Stop it at the gateway - with automated filtering and spyware profiling
Stop it at the desktop - by scanning regularly to eradicate embedded spyware
Stop it 'calling home' - so newly installed spyware can't get back to base for instructions
The MIMEsweeper Web Appliance uses Aluria spyware profiles to stop spyware at the gateway. Spyware downloads and call-homes are blocked by the MIMEsweeper Web Appliance using Aluria's anti-spyware and the award-winning MIMEsweeper content filtering technology.
Step 4
Block undesirable URLs.
Millions of dubious websites spring up daily. You can't keep track of them all. But we can.
Use a comprehensive URL filter to...