Web site security best practices
This article on web site security best practices is supplied by Web Site Security.
Examination of Web Site Security Considerations
Unfortunately, there are many ways in which website security can be circumvented. Security hazards are ever present for Web servers and for the LANs (local area networks) on which websites reside, and they can arise even from the ordinary use of a Web browser.
Web Masters bear the brunt of managing the major challenges. As soon as a Web server is installed at a site, a window opens into the local area network through which anyone on the Internet can peep. For the most part, website visitors look only at what they are meant to look at, but a small number try to uncover areas of the site that aren't designed to be visible to all and sundry. Nefarious visitors aspire to go further than just looking; they try to force the window open and steal through. The harm they inflict might be mere vandalism, such as replacing the website's home page with one of their own that might say or show absolutely anything at all, or it might be theft, such as appropriating a customer or orders database.
It is hard to escape the likelihood that complex computer software contains bugs. However comprehensively it is tested, there is as a rule some sequence of events or user actions, however infrequent, that leads to a fault. Software bugs give rise to breaches in system security. A Web server is complex software that may very easily include a security defect.
It's not only the intricacy of a Web server that may create a problem, but also its open architecture. Consider a CGI script as an illustration. A CGI script can be executed at the server in reply to a remote request from a client. It could be a request from an application or even the click of a button in a browser. If the CGI script includes a bug, there is a danger of a security breach.
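To make the CGI point concrete, here is an added example (not from the original article) of one kind of bug such a script can contain: a handler that builds a file path from a request parameter, shown beside a version that confines the path to the document root. The article names no specific bug; the `page` parameter, the file names and the directory layout are assumptions constructed for the illustration.

```python
import os
import tempfile
from urllib.parse import parse_qs

def requested_page(query_string):
    """Extract the 'page' parameter the way a CGI script reads QUERY_STRING."""
    return parse_qs(query_string).get("page", ["index.txt"])[0]

def serve_unchecked(doc_root, query_string):
    """Buggy handler: trusts the client-supplied name when building the path."""
    path = os.path.join(doc_root, requested_page(query_string))
    with open(path, encoding="utf-8") as fh:
        return 200, fh.read()

def serve_checked(doc_root, query_string):
    """Hardened handler: resolve the path and refuse anything outside doc_root."""
    root = os.path.realpath(doc_root)
    path = os.path.realpath(os.path.join(root, requested_page(query_string)))
    if os.path.commonpath([root, path]) != root:
        return 403, "Forbidden"
    if not os.path.isfile(path):
        return 404, "Not found"
    with open(path, encoding="utf-8") as fh:
        return 200, fh.read()

def demo():
    """Build a constructed site layout and compare both handlers."""
    with tempfile.TemporaryDirectory() as site:
        doc_root = os.path.join(site, "public")
        os.mkdir(doc_root)
        with open(os.path.join(doc_root, "index.txt"), "w", encoding="utf-8") as fh:
            fh.write("welcome")
        with open(os.path.join(site, "orders.db"), "w", encoding="utf-8") as fh:
            fh.write("constructed private data")
        stray = "page=../orders.db"  # constructed request naming a file outside doc_root
        return {
            "normal": serve_checked(doc_root, "page=index.txt"),
            "unchecked": serve_unchecked(doc_root, stray),
            "checked": serve_checked(doc_root, stray),
            "missing": serve_checked(doc_root, "page=nope.txt"),
        }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The check resolves symbolic links before comparing, so a link inside the document root that points elsewhere is refused as well.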
Network Administrators also have to cope with problems from Web servers because of the threat they pose to the security of the local area network. Although there should be no unauthorised incursions, right of entry has to be granted to website visitors. This means that access to the network should be regulated. The Administrator therefore must perform a delicate balancing act. Even the sturdiest firewall can be compromised if the Web server is configured poorly. Conversely, normal use of the website may be impossible if the firewall is configured poorly. Finding an ideal resolution is trickier still if an intranet is a constituent of the system. Usually, the Web server then must be configured to distinguish and validate domains and user groups, which are liable to have differing permission levels and access privileges.
Nearly all people using a browser to surf the Internet trust that they're doing so privately and safely. This is not correct. Web browsers may run self-contained programs on the local computer which are hosted by a website. Current browsers show a caution and ask consent to run such programs. Commonly known as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily deposit a virus or other dangerous software on the browser user's machine. Once it's in the system it can inflict all kinds of damage and can be extremely difficult to remove.
This is also a worry for Network Administrators. Web browsers provide a route for potentially malicious software to seep through the local area network's firewall. Once it is in the system, the harm it is able to inflict can extend from surreptitiously appropriating confidential information to motiveless destruction.
Besides the problems to do with active content, simply browsing the Net records a trail of the user's activities in the browser's history. This can be used by websites and installed programs to establish an accurate profile of the user's behaviour and interests. While this might be thought of as an invasion of privacy by some people, it can be beneficial by providing appropriate content instantaneously, so sparing the user the chore of trying to find it.
Secrecy is a subject which concerns not only browser users but also Web Masters and Network Administrators in the actual transmission of data over the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was created, security was not the principal consideration in its design. Both network and Internet transmissions should therefore not be thought of as automatically confidential. When the browser on a local machine downloads a sensitive document from the remote Web server, or the browser user completes a form with confidential information and clicks the 'Submit' button, the transmitted information may be intercepted without authorization.