Commercial website security requirements
This 'commercial website security requirements' article is supplied by Web Site Security, where you can find more information about commercial website security requirements.
Website Security Considerations - An Examination
Unfortunately, there are many ways in which website security can be compromised. Security threats affect the Web servers and the LANs (local area networks) on which websites reside, and some arise even from the normal use of a Web browser.
Web Masters face the most serious challenges. As soon as a Web server is installed at a site, a window is opened into the local area network through which anyone using the Internet can look. As a rule, website visitors see only what they are supposed to see, but a few try to uncover parts of the site that are not meant to be visible to the public. Malicious visitors want to do more than merely look; they attempt to force the window open and climb through. The harm intruders cause might be mere vandalism, such as replacing the website's home page with one of their own, which could say or show anything, or it could be theft, such as taking possession of a contacts or orders database.
It is hard to avoid the fact that complex computer software contains bugs. However carefully it is tested, there will as a rule be some particular sequence of events or user actions, however infrequent, that causes an error. Software bugs give rise to gaps in system security. A Web server is complex software and may very probably contain a security hole.
It is not merely the complexity of a Web server that may cause a problem, but also its open architecture. Consider a CGI script as a case in point. A CGI script is executed on the server in response to a remote call from a client. The call might be a request from an application or simply the click of a button in a browser. If the CGI script contains a bug, there is a risk of a security breach.
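As an added illustration (not code from the original article), the sketch below shows one kind of bug a CGI script can contain: a client-supplied file name used unchecked, shown beside a version that refuses anything outside the directory it is meant to serve. The `doc` parameter, the `DOC_ROOT` path and the function names are assumptions made for the example.

```python
from __future__ import annotations
import os
import sys
from pathlib import Path
from urllib.parse import parse_qs

# Hypothetical directory holding the only files this script may serve.
DOC_ROOT = Path("/var/www/public-docs")

def resolve_naive(doc_root: Path, name: str) -> Path:
    """The bug: the client's value is joined to the path without any check."""
    return doc_root / name

def resolve_checked(doc_root: Path, name: str) -> Path | None:
    """Return the requested path only if it stays inside doc_root."""
    if not name or "\x00" in name:
        return None
    root = doc_root.resolve()
    candidate = (root / name).resolve()  # collapses "..", symlinks, absolute names
    if root in candidate.parents:
        return candidate
    return None

def handle(environ: dict, doc_root: Path = DOC_ROOT) -> tuple[str, bytes]:
    """Serve ?doc=<name>. The Web server passes the query in QUERY_STRING."""
    params = parse_qs(environ.get("QUERY_STRING", ""))
    name = params.get("doc", [""])[0]
    path = resolve_checked(doc_root, name)
    if path is None or not path.is_file():
        # Same answer for "outside the root" and "missing": reveal nothing.
        return "404 Not Found", b"not found\n"
    return "200 OK", path.read_bytes()

if __name__ == "__main__":
    # CGI convention: headers, a blank line, then the body on standard output.
    status, body = handle(dict(os.environ))
    sys.stdout.write(f"Status: {status}\r\nContent-Type: text/plain\r\n\r\n")
    sys.stdout.flush()
    sys.stdout.buffer.write(body)
```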
Network Administrators also face problems from Web servers because of the threat they pose to the security of the local area network. Although there must be no unauthorised intrusions, access must be given to website visitors. This means that access to the network has to be regulated, so the Administrator needs to perform a delicate balancing act. Even the most robust firewall can be undermined if the Web server is configured poorly. By the same token, normal use of the website may be impossible if the firewall is configured poorly. Arriving at an ideal solution is even more complicated if an intranet forms part of the system. Normally, the Web server in that case needs to be configured to identify and authenticate domains and user groups, which are likely to have differing permission levels and access privileges.
Most people who use a browser to surf the Internet believe that they are doing so anonymously and securely. This is not correct. Web browsers may run, on the user's machine, autonomous software that resides on a website. Current browsers show a warning and request permission before running such programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, may easily install a virus or other harmful software on the browser user's PC. Once it is in the system it can cause all kinds of damage and may be extremely difficult to remove.
This is also a worry for Network Administrators. Web browsers provide a path for potentially malicious software to pass straight through the local area network's firewall. Once it is inside the network, the damage it may cause can range from stealthily stealing private information to wanton destruction.
Apart from the problems of active content, merely browsing the Net leaves a trail of the user's activities in the browser's history. This may be used by websites and installed programs to build an accurate profile of the user's behavior and interests. While some may find this unacceptable as an invasion of privacy, it can be beneficial by displaying related content right away, thus relieving the user of the job of searching for it.
Confidentiality is an issue that concerns not only browser users but also Web Masters and Network Administrators during the actual transmission of information over the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Net. When it was created, security was not the principal factor in its design. Neither network nor Internet transmissions should therefore be considered automatically private. Any time the browser on a local computer downloads a sensitive document from the remote Web server, or the browser user fills out a form with confidential information and clicks the 'Submit' button, the transmitted information could be intercepted without authorization.