Internet security plan

This 'internet security plan' article is supplied by Web Site Security, where you can find more information about internet security plan.

An Evaluation of Web Site Security Issues



An unfortunate fact is that there are lots of ways in which web site security can be jeopardised. Security hazards lurk insidiously that might impinge on Web servers and LANs (local area networks) on which Websites reside, even by the conventional use of a Web browser.

Web Masters face the flak when dealing with the critical threats. As soon as a Web server is set up at a site, a porthole is created in the local area network through which anyone who is on the Internet can peep. Of course, as a rule website visitors look at only what they're supposed to see, but some make an effort to locate parts of the site which aren't supposed to be observable by the public. Iniquitous visitors desire to do other than only look; they try to unfasten the window and slither in. The damage intruders can cause might be sheer vandalism, for instance changing the web site's home page with one of theirs that could say or show anything at all, or else it might be theft, such as gaining possession of a customers or orders database.

It is hard to escape the likelihood that complex computer software contains bugs. No matter how thoroughly it's tested, there will be more often than not some order of events or user actions, although it may arise on the odd occasion, that creates a fault. Computer software bugs give rise to holes in system security. A Web server is intricate software which can very possibly include a security hole.

It's not merely the intricacy of a Web server that can trigger a glitch, but also its open architecture. Consider a CGI script as an example. A CGI script may be executed at the server in answer to a remote request from a client. It might be a request from a program or even the click of a button in a browser. If the CGI script has a bug, there may be a possibility of a security violation.

Network Administrators also have to cope with problems from Web servers by reason of the risk they pose to the security of the local area network. While there ought to be no unauthorized intrusions, admission must be given to web site visitors. This means that access to the network has to be regulated. The Administrator therefore needs to perform a delicate balancing act. Even the most sturdy firewall may be breached if the Web server is configured poorly. Bearing that in mind, normal use of the web site may be unachievable if the firewall is configured poorly. Attaining a perfect solution is still more difficult if an intranet is a constituent of the system. Usually, the Web server in that case must be configured to identify and validate domains and user groups, which are likely to have differing permission levels and access privileges.

Hint: For information with reference to a specialised facet of website security, for instance "internet security plan", search for the complete expression on the Web.

Most people using a browser to surf the Net believe that they are doing so anonymously and safely. This is not correct. Web browsers may run autonomous programs on the client machine that are hosted by a web site. Current browsers display a warning and ask authorization to execute such programs. Known commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily deposit a virus or other hazardous software on the browser user's computer. When it is in the system it can inflict all kinds of damage and can be very problematical to delete.

This is also a worry for Network Administrators. Web browsers provide a path for possibly malicious software to filter all the way through the local area network's firewall. When it is in the system, the damage it may cause can vary from clandestinely stealing confidential data to willful spoliation.

Apart from the matters surrounding active content, just surfing the Web records a trail of the user's activities in the browser's history. This can be utilised by websites and installed programs to create an accurate profile of the user's behavior and interests. Whereas this may be unacceptable as an invasion of privacy by some people, it can be constructive by displaying appropriate subject matter without delay, thus relieving the user of the job of looking for it.

Confidentiality is a question which worries not only browser users but also Web Masters and Network Administrators in the actual transmission of information by means of the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Net. When it was created, security wasn't the principal factor of its design. Both network and Internet transmissions should therefore not be thought of as as necessarily confidential. Every time the browser on a local PC downloads a sensitive document from the remote Web server, or the browser user fills out a form with private information and clicks the 'Submit' button, the transmitted data might be intercepted without authorisation.

To find out more about 'internet security plan', visit website-security.biz.