General network and web site security issues

This 'general network and web site security issues' article is supplied by Web Site Security, where you can find more information about general network and web site security issues.

Website Security Concerns - An Evaluation



Alas, there are a lot of ways in which web site security can be imperilled. Security hazards exist which impinge on Web servers and LANs (local area networks) where Web sites are situated, even by the routine use of a Web browser.

Web Masters are in the front line when handling the critical challenges. As soon as a Web server is installed at a site, a window materialises in the local area network through which anyone using the Internet can look. Obviously, for the most part web site visitors see only what they're supposed to see, but a minority try to find areas of the site which are not intended to be evident to all and sundry. Nefarious visitors aspire to go further than merely look; they make an attempt to unbolt the window and slip inside. The harm they may cause might be sheer vandalism, for instance changing the website's home page with their own that might say or put on view anything at all, or it might be larceny, like appropriating a contacts or sales list.

It is difficult to elude the likelihood that complicated computer software has bugs. No matter how exhaustively it is tested, there will be frequently some combination of events or user actions, while it may happen infrequently, which creates an error. Computer software bugs produce holes in system security. A Web server is convoluted software that may very possibly contain a security fault.

It's not merely the complexity of a Web server that may create a problem, but also its open architecture. Consider a CGI script as an illustration. A CGI script can be processed at the server in answer to a remote call from a client. This might be a request from an application or even the click of a button in a browser. If the CGI script has a bug, there may be a danger of a security violation.

Network Administrators also have to cope with problems from Web servers by reason of the threat they pose to the security of the local area network. Though there should be no unauthorized incursions, admittance has to be granted to web site visitors. This means that access to the network has to be regulated. The Administrator therefore must perform a delicate balancing act. Even the most sturdy firewall can be breached if the Web server is configured poorly. Bearing that in mind, normal use of the website may be unattainable if the firewall is configured badly. Reaching an ideal solution is yet more complicated if an intranet exists as a constituent of the system. Typically, the Web server in that case needs to be configured to identify and validate domains and user groups, which are likely to have varying permission levels and access privileges.

Suggestion: For help regarding a detailed feature of website security, e.g. "general network and web site security issues", search for the complete expression on the Web.

Most of the people using a browser to surf the Web believe that they really are doing so in secret and in safety. This is not so. Web browsers can execute self-contained programs on the local computer that are resident on a website. Current browsers show a caution and request consent to run these kinds of programs. Described commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily deposit a virus or other hazardous software on the browser user's PC. Once it's in the system it can cause all kinds of damage and may be very stubborn to eradicate.

This is also a concern for Network Administrators. Web browsers make available a means for possibly malicious software to filter all the way through the local area network's firewall. When it is in the network, the damage it may cause can range from stealthily appropriating sensitive data to meaningless demolition.

Aside from the issues regarding active content, merely surfing the Net records a trail of the user's activities in the browser's history. This may be utilized by web sites and installed software to create a precise profile of the user's behavior and preferences. Despite the fact that this may be unacceptable as an invasion of privacy by some people, it can be advantageous by showing applicable content right away, thus unburdening the user of the chore of looking for it.

Confidentiality is a subject that worries not only browser users but also Web Masters and Network Administrators during the actual transmission of information via the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was formed, security wasn't the most essential factor of its blueprint. Both network and Internet transmissions should therefore not be thought of as as essentially private. Whenever the browser on a local PC downloads a confidential file from the remote Web server, or the browser user completes a form with personal information and clicks the 'Submit' button, the transmitted data could be intercepted without authorisation.

To find out more about 'general network and web site security issues', visit website-security.biz.