How to write a website security policy

This 'how to write a website security policy' article is supplied by Web Site Security, where you can find more information about how to write a website security policy.

Web Site Security Considerations - An Understanding



It's unfortunate, but there are numerous ways in which web site security can be imperilled. Security hazards are ever present: they affect Web servers and the LANs (local area networks) on which Web sites are hosted, and they arise even from the normal use of a Web browser.

Web Masters shoulder the responsibility for dealing with the gravest threats. As soon as a Web server is set up at a site, a window is opened in the local area network through which anyone using the Internet can look. On the whole, website visitors see no more than what they are meant to see, but a small number try to uncover elements of the site that are not designed to be visible to the rest of the world. Malicious visitors aspire to do more than just look; they attempt to unfasten the window and climb through it. The damage intruders cause might be sheer vandalism, for example replacing the website's home page with one of their own that could say or display absolutely anything, or it could be burglary, such as gaining possession of a customer or order list.

It is almost inevitable that complex software has bugs. Regardless of how scrupulously it is tested, there is usually some combination of events or user actions, even one that occurs only once in a blue moon, that causes a fault. Software bugs produce flaws in system security. A Web server is complex software and can quite likely contain a security hole.

It's not only the complexity of a Web server which can produce a problem, but also its open architecture. Consider a CGI script as an illustration. A CGI script can be executed at the server in response to a remote request from a client. It could be a request from a program or even the click of a button in a browser. If the CGI script contains a bug, there will be a chance of a security breach.
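The following added example, which is not from the original article, shows one kind of CGI bug and its fix: the script serves a file named by the client's "page" parameter, and the buggy resolver lets that name reach outside the document root. The parameter name, file names and function names are assumptions made for the illustration, and the sample site is constructed in a temporary directory.

```python
import os
import tempfile
from urllib.parse import parse_qs

def requested_page(query_string):
    # parse_qs also percent-decodes, so "%2e%2e" arrives here as "..".
    return parse_qs(query_string).get("page", ["index.html"])[0]

def resolve_naive(doc_root, query_string):
    """Buggy form: trusts the client-supplied name as a path under doc_root."""
    return os.path.join(doc_root, requested_page(query_string))

def resolve_checked(doc_root, query_string):
    """Hardened form: the resolved path must stay inside doc_root, else None."""
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, requested_page(query_string)))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def handle(doc_root, query_string, resolver=resolve_checked):
    """Return (status, body) as the script would send them to the client."""
    path = resolver(doc_root, query_string)
    if path is None or not os.path.isfile(path):
        return "404 Not Found", ""
    with open(path, encoding="utf-8") as fh:
        return "200 OK", fh.read()

def build_sample_site():
    """Constructed layout: public/index.html beside a private orders.csv."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "public")
    os.mkdir(root)
    for path, text in ((os.path.join(root, "index.html"), "welcome"),
                       (os.path.join(base, "orders.csv"), "order list")):
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root

if __name__ == "__main__":
    root = build_sample_site()
    for qs in ("page=index.html", "page=../orders.csv", "page=%2e%2e/orders.csv"):
        print(qs, handle(root, qs, resolve_naive), handle(root, qs))
```

The hardened resolver compares fully resolved paths, so symbolic links and percent-encoded dot segments are covered by the same check rather than by pattern matching on the raw parameter.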

Network Administrators also have to face problems from Web servers because of the threat they pose to the security of the local area network. Whereas there ought to be no unauthorised incursions, right of entry must be granted to website visitors. This means that access to the network must be controlled. The Administrator therefore needs to perform a delicate balancing act. Even the sturdiest firewall can be breached if the Web server is configured poorly. By the same token, normal use of the web site can become impossible if the firewall is configured poorly. Arriving at a perfect resolution is trickier still if an intranet is an element of the system. Typically, the Web server then needs to be configured to recognize and verify domains and user groups, which are liable to have differing permission levels and access privileges.

Nearly everybody using a browser to surf the Internet thinks that they're doing so privately and in safety. This is not correct. Web browsers are able to run, on the user's computer, autonomous programs that reside on a website. Modern browsers show a warning and request permission to execute those programs. Generally known as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, may easily deposit a virus or other hazardous software on the browser user's computer. Once it is in the system it can wreak all kinds of havoc and may be exceedingly tricky to eliminate.

This is also a concern for Network Administrators. Web browsers offer a way for possibly malicious software to pass through the local area network's firewall. Once it is in the network, the damage it could cause can vary from clandestinely gaining possession of sensitive data to senseless destruction.

Besides the issues involving active content, just surfing the Internet records a trail of the user's activities in the browser's history. This can be utilised by websites and installed programs to create an exact profile of the user's behaviour and interests. Although some might frown upon this as an invasion of privacy, it can be beneficial by showing relevant subject matter right away, thus relieving the user of the task of looking for it.

Privacy during the actual transmission of data via the Net is an issue that concerns not just browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Net. When it was created, security wasn't a principal factor in its design. Neither network nor Internet transmissions should therefore be thought of as automatically private. Each time the browser on a local machine downloads a private document from the remote Web server, or the browser user fills in a form with personal information and clicks the 'Submit' button, the transmitted data could be intercepted without consent.

To find out more about 'how to write a website security policy', visit website-security.biz.