Web site security and privacy

This 'web site security and privacy' article is supplied by Web Site Security, where you can find more information about web site security and privacy.

An Evaluation of Website Security Considerations



Alas, there are numerous ways in which web site security can be imperilled. For example, security hazards exist that may impinge on Web servers and LANs (local area networks) on which Web sites are situated, even by the normal use of a Web browser.

Web Masters shoulder the responsibility when dealing with the major threats. As soon as a Web server is installed at a site, a porthole materializes in the local area network through which anyone using the Internet can look. Obviously, the majority of website visitors see no more than what they are meant to look at, but a small number attempt to uncover parts of the site that aren't intended to be observable by the rest of the world. Dishonest visitors want to do other than only look; they make an attempt to unbolt the window and sneak inside. The damage they may inflict might be mere vandalism, like replacing the website's home page with theirs which might say or display absolutely anything at all, or it might be robbery, such as stealing a customers or orders database.

It's hard to elude the virtual certainty that complex computer software contains bugs. No matter how scrupulously it is tested, there's frequently a certain pattern of events or user actions, even though it may be rare, that creates a failure. Software bugs give rise to flaws in system security. A Web server is intricate software that can very likely contain a security flaw.

It is not just the intricacy of a Web server that can trigger a problem, but also its open architecture. Think about a CGI script as an illustration. A CGI script can be run at the server in answer to a remote call from a client. It could be a request from an application or even the click of a button in a browser. If the CGI script has a bug, there could be a risk of a security violation.

Network Administrators also have to handle problems from Web servers owing to the danger they pose to the security of the local area network. Whereas there should be no unauthorized intrusions, admittance has to be given to web site visitors. This means that access to the network has to be regulated. The Administrator therefore needs to perform a delicate balancing act. Even the most robust firewall can be breached if the Web server is configured badly. Bearing that in mind, normal use of the web site may be unachievable if the firewall is configured badly. Attaining an ideal answer is yet more complicated if an intranet exists as a constituent of the system. Normally, the Web server then must be configured to distinguish and verify domains and user groups, which are liable to have differing permission levels and access rights.

Suggestion: For information as regards a specific feature of website security, like "web site security and privacy", look for the full phrase on the Internet.

Almost anyone using a browser to surf the Web think that they're doing so anonymously and in safety. This is not so. Web browsers are able to run self-contained programs on the client computer that are resident on a web site. Modern browsers show a notice and ask authorization to execute such programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily leave a virus or other dangerous software on the browser user's computer. After it is in the system it can cause all kinds of catastrophe and may be very problematical to remove.

This is also a worry for Network Administrators. Web browsers afford a route for potentially malicious software to filter through the local area network's firewall. As soon as it is in the system, the harm it might inflict can go from surreptitiously appropriating confidential information to meaningless demolition.

Besides the problems in re active content, simply surfing the Net records a trail of the user's activities in the browser's history. This may be utilised by web sites and installed software programs to establish an accurate profile of the user's behaviour and interests. Though this may be frowned upon as an invasion of privacy by some people, it can be useful by providing pertinent content at once, thus unburdening the user of the job of searching for it.

Privacy is a question which concerns not only browser users but also Web Masters and Network Administrators for the duration of the actual transmission of data via the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was created, security wasn't the principal feature of its blueprint. Both network and Internet transmissions should therefore not be thought of as as essentially confidential. Any time the browser on a local PC downloads a private document from the remote Web server, or the browser user fills out a form with personal data and clicks the 'Submit' button, the transmitted information might be intercepted without authorisation.

To find out more about 'web site security and privacy', visit website-security.biz.