Web site security books
This 'web site security books' article is supplied by Web Site Security, where you can find more information about web site security books.
Evaluation of Website Security Issues
Unfortunately, website security can be imperilled in numerous ways. Security hazards affect the Web servers and LANs (local area networks) where websites are hosted, and they arise even from the ordinary use of a Web browser.
Web Masters face the flak when dealing with the critical risks. As soon as a Web server is set up at a site, a window is constructed in the local area network through which anyone who is on the Internet can peep. Certainly, most website visitors look at no more than what they are meant to look at, but some try to uncover areas of the site that aren't supposed to be evident to the world. Dishonest visitors desire to go further than just look; they endeavour to unlock the window and sneak in. The harm they can inflict might be mere vandalism, such as replacing the website's home page with one of their own that could say or display absolutely anything, or it might be theft, like appropriating a customer or order list.
It is difficult to escape the virtual certainty that complex software contains bugs. Regardless of how scrupulously it is tested, there will usually be a particular permutation of events or user actions, though it may be rare, that creates a fault. Software bugs create flaws in system security. A Web server is complex software that can quite possibly include a security gap.
It's not merely the intricacy of a Web server that can produce a problem, but also its open architecture. Think about a CGI script as a case in point. A CGI script can be run at the server in response to a remote call from a client. This could be a request from an application or even the click of a button in a browser. If the CGI script has a bug, there may be a chance of a security breach.
Network Administrators also have to handle problems from Web servers because of the threat they pose to the security of the local area network. Although there should be no unauthorised intrusions, admittance must be granted to website visitors. This means that access to the network must be controlled. The Administrator therefore needs to perform a delicate balancing act. Even the most robust firewall can be compromised if the Web server is configured badly. Conversely, normal use of the website can become impossible if the firewall is configured poorly. Attaining an ideal solution is even more difficult if an intranet forms part of the system. Usually, the Web server must then be configured to recognise and authenticate domains and user groups, which are liable to have differing permission levels and access rights.
Most people using a browser to surf the Internet trust that they really are doing it anonymously and safely. This is not the case. Web browsers may run, on the client machine, autonomous programs that are hosted on a website. Current browsers show a caution and request authorisation to run those programs. Described generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, can easily leave a virus or other hazardous software on the browser user's machine. Once it is in the system, it can inflict all kinds of damage and can be extremely tricky to get rid of.
This is also a concern for Network Administrators. Web browsers present a route for possibly malicious software to seep all the way through the local area network's firewall. Once it is in the network, the harm it is able to cause can range from furtively appropriating private data to wanton destruction.
Besides the problems involving active content, merely browsing the Net leaves a trail of the user's activities in the browser's history. This may be utilised by websites and installed programs to build a precise profile of the user's behaviour and preferences. Although some people might find this an unacceptable invasion of privacy, it can be positively effective by offering relevant content right away, thus relieving the user of the job of looking for it.
Privacy is a matter that worries not only browser users but also Web Masters and Network Administrators during the actual transmission of data by means of the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was created, security was not the principal feature of its design. Both network and Internet transmissions should therefore not be considered as automatically confidential. Each time the browser on a local machine downloads a confidential file from the remote Web server, or the browser user fills in a form with private information and clicks the 'Submit' button, the transmitted information can be intercepted without authorisation.