Online web site security check

This 'online web site security check' article is supplied by Web Site Security, where you can find more information about online web site security check.

Website Security Issues - An Evaluation



It is unfortunate, but there are a lot of ways in which website security can be imperilled. Security risks exist which could impinge on Web servers and LANs (local area networks) on which Web sites are located, even by the normal use of a Web browser.

Web Masters shoulder the responsibility when dealing with the gravest risks. As soon as a Web server is set up at a site, a window is constructed in the local area network through which anyone who is using the Internet can peer. Naturally, most web site visitors see no more than what they are supposed to see, but a handful of them endeavor to uncover areas of the site which are not supposed to be detectable by the public. Iniquitous visitors aspire to go further than simply look; they try to open the window and steal through it. The harm intruders may cause might be sheer vandalism, for instance replacing the website's home page with one of theirs that could say or display absolutely anything, or else it could be larceny, like stealing a contacts or orders list.

It's difficult to escape the likelihood that convoluted software includes bugs. Regardless of how exhaustively it's tested, there does exist more often than not a certain pattern of events or user actions, even if it may arise hardly ever, that brings about a fault. Computer software bugs create flaws in system security. A Web server is complex software that may quite easily contain a security flaw.

It's not just the complexity of a Web server which can trigger a problem, but also its open architecture. Consider a CGI script as an illustration. A CGI script may be executed at the server in reply to a remote request from a client. This could be a request from an application or even the click of a button in a browser. If the CGI script contains a bug, there could be a risk of a security violation.

Network Administrators also have to handle problems from Web servers on account of the danger they pose to the security of the local area network. Although there must be no unauthorised incursions, admission must be given to web site visitors. This means that access to the network should be controlled. The Administrator therefore must perform a delicate balancing act. Even the most robust firewall may be breached if the Web server is configured badly. Bearing that in mind, normal use of the website can be unattainable if the firewall is configured badly. Reaching an ideal resolution is yet more difficult if an intranet forms a constituent of the system. Commonly, the Web server in that case must be configured to identify and verify domains and user groups, which are liable to have differing permission levels and access privileges.

Suggestion: For advice regarding a certain facet of web site security, e.g. "online web site security check", search for the full phrase on the Net.

Nearly everybody using a browser to surf the Web trust that they are doing so incognito and securely. This is not correct. Web browsers may execute self-contained programs on the user's machine which are hosted by a website. Modern browsers display a notice and ask authorisation to execute such programs. Identified commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, may easily inject a virus or other hazardous software on the browser user's machine. When it is in the system it can cause all kinds of catastrophe and may be exceedingly stubborn to delete.

This is also a concern for Network Administrators. Web browsers make available a route for possibly malicious software to seep all the way through the local area network's firewall. When it is in the network, the harm it can inflict can go from surreptitiously stealing sensitive data to gratuitous spoliation.

Apart from the matters regarding active content, just browsing the Internet leaves a trail of the user's activities in the browser's history. This may be utilised by web sites and installed software to determine an exact report of the user's behaviour and preferences. Despite the fact that this might be unacceptable as an invasion of privacy by some, it can be positively effective by providing appropriate content directly, thus exonerating the user of the job of looking for it.

Privacy is a subject which concerns not just browser users but also Web Masters and Network Administrators in the actual transmission of information via the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was formed, security was not the principal factor of its design. Both network and Internet transmissions should therefore not be considered as essentially confidential. Whenever the browser on a local PC downloads a confidential file from the remote Web server, or the browser user fills in a form with personal data and clicks the 'Submit' button, the transmitted data might be intercepted without authorization.

To find out more about 'online web site security check', visit website-security.biz.