Creating a website security policy
This 'creating a website security policy' article is supplied by Web Site Security, where you can find more information about creating a website security policy.
Website Security Issues - An Examination
Unfortunately, there are many ways in which website security can be undermined. Security risks affect Web servers and the LANs (local area networks) on which websites are hosted, and they arise even from the ordinary use of a Web browser.
Web Masters are in the front line when it comes to the gravest challenges. As soon as a Web server is installed at a site, a window opens in the local area network through which anyone on the Internet can look. As a rule, website visitors see only what they are supposed to see, but some of them try to locate parts of the site that are not meant to be visible to everyone. Unscrupulous visitors aim to do more than just look; they try to unfasten the window and slip inside. The damage intruders cause might be sheer vandalism, for example replacing the website's home page with one of their own that could say or show anything at all, or it might be theft, such as stealing a customer or sales database.
It is a virtual certainty that complex software contains bugs. However thoroughly it is tested, there is usually some sequence of events or user actions, even if it occurs rarely, that causes an error. Software bugs give rise to gaps in system security. A Web server is complex software and can very probably contain a security gap.
It is not just the complexity of a Web server that can create a problem, but also its open architecture. Consider a CGI script as an example. A CGI script runs on the server in response to a remote request from a client. This might be a request from an application or simply the click of a button in a browser. If the CGI script contains a bug, there is a possibility of a security violation.
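As an added illustration (not code from the original article), the Python sketch below shows one common kind of CGI bug beside its corrected form: a script that serves a file named in the query string. The `doc` parameter, the function names and the file layout are assumptions made for the example.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import parse_qs

def requested_name(query_string):
    """Read the hypothetical 'doc' parameter from a CGI QUERY_STRING."""
    return parse_qs(query_string).get("doc", [""])[0]

def serve_buggy(doc_root, query_string):
    # BUG: the client-supplied name is joined to the document root unchecked,
    # so the resulting path can point outside the published directory.
    path = os.path.join(doc_root, requested_name(query_string))
    with open(path, "r", encoding="utf-8") as fh:
        return 200, fh.read()

def serve_hardened(doc_root, query_string):
    root = Path(doc_root).resolve()
    name = requested_name(query_string)
    if not name:
        return 400, "missing doc parameter"
    target = (root / name).resolve()  # collapses ".." and follows symlinks
    # Refuse anything that resolves outside the published directory.
    if root not in target.parents:
        return 403, "forbidden"
    if not target.is_file():
        return 404, "not found"
    return 200, target.read_text(encoding="utf-8")

def demo():
    """Run both handlers against a constructed site layout in a temp directory."""
    with tempfile.TemporaryDirectory() as base:
        pub = Path(base, "public")
        pub.mkdir()
        (pub / "index.txt").write_text("welcome", encoding="utf-8")
        Path(base, "customers.db").write_text("private records", encoding="utf-8")
        query = "doc=../customers.db"  # constructed request naming a file outside public/
        return {
            "buggy": serve_buggy(str(pub), query),
            "hardened": serve_hardened(str(pub), query),
            "normal": serve_hardened(str(pub), "doc=index.txt"),
        }

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

The hardened handler decides on the resolved path rather than on the raw string, so encoded or absolute names are rejected by the same containment check.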
Network Administrators also have to deal with Web servers because of the risk they pose to the security of the local area network. There should be no unauthorised incursions, yet access has to be granted to website visitors. This means that access to the network must be controlled, and the Administrator must therefore perform a delicate balancing act. Even the sturdiest firewall can be undermined if the Web server is poorly configured. Conversely, normal use of the website may be impossible if the firewall is poorly configured. Reaching an ideal solution is trickier still if an intranet is part of the system. Commonly, the Web server then has to be configured to recognize and validate domains and user groups, which are likely to have varying permission levels and access privileges.
Most people who use a browser to surf the Internet assume that they are doing so privately and safely. This is not the case. Web browsers can run programs on the local machine that are supplied by a website. Modern browsers show a warning and request permission before executing these kinds of programs. Commonly known as "active content" (for example, ActiveX controls or Java applets), these programs, if malicious, could easily leave a virus or other dangerous software on the browser user's PC. Once it is in the system, it can cause all kinds of havoc and can be very difficult to eradicate.
This is also a concern for Network Administrators. Web browsers provide a path for potentially malicious software to pass through the local area network's firewall. Once it is in the network, the harm it can cause ranges from covertly obtaining private data to wanton destruction.
Apart from the problems with active content, simply surfing the Web leaves a trail of the user's activities in the browser's history. Websites and installed software could use this to build a precise picture of the user's behavior and interests. Although some people may regard this as an unacceptable invasion of privacy, it can be beneficial by offering related subject matter straight away, relieving the user of the task of trying to find it.
Confidentiality of information transmitted over the Web is an issue that concerns not just browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was designed, security was not the most important consideration. Network and Internet transmissions should therefore not be assumed to be confidential. When the browser on a local PC downloads a private file from the remote Web server, or the browser user fills in a form with personal information and clicks the 'Submit' button, the transmitted data could be intercepted without authorization.