Web site security checklist

This 'web site security checklist' article is supplied by Web Site Security, where you can find more information about web site security checklists.

Web Site Security Considerations - An Evaluation



Unfortunately, there are many ways in which web site security can be jeopardized. Threats can affect the Web servers and the local area networks (LANs) on which web sites are hosted, and some arise even from the ordinary use of a Web browser.

Web Masters are in the front line when dealing with the major threats. As soon as a Web server is set up at a site, a window opens in the local area network through which anyone using the Internet can peer. Nearly all web site visitors look only at what they are supposed to see, but a handful of them try to locate parts of the site that are not meant to be visible to the public. Dishonest visitors want to do more than look; they try to force the window open and slip through it. The damage they cause might be sheer vandalism, for instance replacing the web site's home page with one of their own, which could say or display anything at all, or it could be theft, such as obtaining a customer or sales list.

It is hard to escape the virtual certainty that complex software has bugs. No matter how meticulously it is tested, there is typically some pattern of events or user actions, however infrequent, that produces an error. Software bugs create flaws in system security. A Web server is complex software that may very likely contain a security weakness.

It is not merely the complexity of a Web server that may produce a flaw, but also its open architecture. Consider a CGI script as an illustration. A CGI script may be executed on the server in response to a remote request from a client. The request might come from an application or from the click of a button in a browser. If the CGI script contains a bug, there may be a chance of a security violation.
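An added illustration of the paragraph above, not code from the original article: the file-lookup logic of a hypothetical CGI script, first with a constructed bug (it trusts the client's value) and then hardened. The parameter name `page`, the function names and the directory layout are assumptions made for the example.

```python
import os
from urllib.parse import parse_qs

def requested_page(query_string):
    # QUERY_STRING is client-controlled; "page" is a hypothetical parameter name.
    return parse_qs(query_string).get("page", ["index.html"])[0]

def resolve_unsafe(doc_root, query_string):
    """Buggy: joins the client's value onto the document root unchecked."""
    return os.path.join(doc_root, requested_page(query_string))

def resolve_safe(doc_root, query_string):
    """Hardened: canonicalise, then require the result to stay under doc_root."""
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, requested_page(query_string)))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def handle_request(doc_root, environ):
    """Build the CGI response text for one request environment."""
    path = resolve_safe(doc_root, environ.get("QUERY_STRING", ""))
    if path is None or not os.path.isfile(path):
        return "Status: 404 Not Found\r\nContent-Type: text/plain\r\n\r\nnot found\n"
    with open(path, encoding="utf-8") as fh:
        return "Status: 200 OK\r\nContent-Type: text/html\r\n\r\n" + fh.read()

if __name__ == "__main__":
    import tempfile
    # Constructed layout: a public docroot beside a file that must stay private.
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "htdocs")
        os.mkdir(root)
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<h1>home</h1>")
        with open(os.path.join(base, "customers.csv"), "w") as fh:
            fh.write("private")
        for qs in ("page=index.html", "page=../customers.csv"):
            status = handle_request(root, {"QUERY_STRING": qs}).split("\r\n")[0]
            print(qs, "->", status)
```

The hardened version returns the same "not found" response for a path outside the document root as for a missing file, so the response does not reveal which files exist elsewhere on the server.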

Network Administrators also have to deal with Web servers because of the threat they pose to the security of the local area network. While there ought to be no unauthorised incursions, web site visitors must still be given access, so access to the network has to be controlled. The Administrator therefore must perform a delicate balancing act. Even the most robust firewall can be undermined if the Web server is configured poorly. Conversely, normal use of the web site can become impossible if the firewall is configured poorly. Arriving at an ideal solution is trickier still if an intranet forms part of the system. Usually, the Web server in that case has to be configured to identify and validate domains and user groups, which are liable to have varying permission levels and access rights.

Most people using a browser to surf the Web believe that they are doing so anonymously and safely. That is not correct. Web browsers can run self-contained programs, hosted by a website, on the client machine. Modern browsers show a notice and request consent to run these kinds of programs. Commonly known as "active content" (for example, ActiveX controls or Java applets), these programs, if malicious, could easily leave a virus or other hazardous software on the browser user's PC. Once it is in the system it can wreak all kinds of havoc and can be very difficult to remove.

This is also a worry for Network Administrators. Web browsers give potentially malicious software a way to pass right through the local area network's firewall. Once it is in the network, the damage it can inflict ranges from secretly stealing private information to wilful destruction.

Aside from the issues concerning active content, simply surfing the Web records a trail of the user's activities in the browser's history. This may be used by websites and installed software programs to build an accurate profile of the user's behaviour and preferences. Although some might consider this an invasion of privacy, it can be helpful by showing relevant content at once, relieving the user of the chore of searching for it.

Confidentiality during the actual transmission of data via the Web is a topic which worries not only browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Net. When it was created, security wasn't the principal aspect of its design. Neither network nor Internet transmissions should therefore be considered automatically private. Each time the browser on a local machine downloads a confidential file from the remote Web server, or the browser user fills out a form with personal information and clicks the 'Submit' button, the transmitted data might be intercepted without authorisation.