Web site security and compliance

This 'web site security and compliance' article is supplied by Web Site Security, where you can find more information about web site security and compliance.

Website Security Issues - An Assessment



It is unfortunate, but there are numerous ways in which website security can be jeopardized. Security hazards lurk insidiously which might impinge on Web servers and LANs (local area networks) where Web sites reside, even by the natural use of a Web browser.

Web Masters are in the front line when managing the critical challenges. As soon as a Web server is set up at a site, a window materialises in the local area network through which anyone who is on the Internet can look. Certainly, on the whole web site visitors see only what they are meant to see, but a small number endeavor to uncover parts of the site which are not designed to be discernible by the public. Malicious visitors mean to go further than simply look; they try to open the window and slither through it. The damage they can inflict might be sheer vandalism, like substituting the website's home page with their own which could say or show absolutely anything, or else it might be larceny, such as appropriating a customers or orders list.

It is hard to escape the probability that intricate computer software includes bugs. No matter how meticulously it's tested, there will be usually a certain combination of events or user actions, while it might be rare, which leads to an error. Software bugs give rise to gaps in system security. A Web server is convoluted software that may quite probably contain a security fault.

It is not only the intricacy of a Web server that may cause a problem, but also its open architecture. Consider a CGI script as a case in point. A CGI script may be processed at the server in reply to a remote request from a client. This might be a request from a program or even the click of a button in a browser. If the CGI script contains a bug, there may be a danger of a security violation.

Network Administrators also have to confront problems from Web servers owing to the danger they pose to the security of the local area network. Whereas there should be no unauthorized incursions, admission must be given to website visitors. This means that access to the network should be regulated. The Administrator therefore must perform a delicate balancing act. Even the most sturdy firewall can be breached if the Web server is configured poorly. Bearing that in mind, normal use of the web site can be impossible if the firewall is configured badly. Reaching an ideal resolution is still more difficult if an intranet forms a constituent of the system. Usually, the Web server then needs to be configured to distinguish and validate domains and user groups, which are liable to have varying permission levels and access privileges.

Suggestion: For ideas in relation to a certain aspect of website security, such as "web site security and compliance", look for the complete phrase on the Net.

The majority of people using a browser to surf the Web think that they really are doing it namelessly and securely. It is not correct. Web browsers can process autonomous software on the user's machine that are hosted by a website. Modern browsers show a warning and request consent to run these kinds of programs. Identified commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, can easily inject a virus or other hazardous software on the browser user's computer. Once it's in the system it can wreak all kinds of catastrophe and may be very tricky to remove.

This is also a concern for Network Administrators. Web browsers supply a means for possibly malicious software to seep all the way through the local area network's firewall. Once it is in the network, the damage it might cause can stretch from secretly appropriating private data to gratuitous carnage.

Apart from the problems surrounding active content, simply browsing the Internet records a trail of the user's activities in the browser's history. This could be utilised by web sites and installed programs to ascertain a precise profile of the user's behavior and preferences. Despite the fact that this may be considered an invasion of privacy by some, it can be helpful by offering applicable content without delay, so unburdening the user of the job of trying to find it.

Confidentiality is a topic which concerns not only browser users but also Web Masters and Network Administrators in the actual transmission of data by means of the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was created, security wasn't the most crucial aspect of its design. Both network and Internet transmissions should therefore not be considered as automatically confidential. Whenever the browser on a local PC downloads a sensitive file from the remote Web server, or the browser user completes a form with private information and clicks the 'Submit' button, the transmitted information might be intercepted without consent.

To find out more about 'web site security and compliance', visit website-security.biz.