Web site security design

This 'web site security design' article is supplied by Web Site Security, where you can find more information about web site security design.

Website Security Considerations - An Assessment



An unfortunate fact is that web site security can be compromised in various ways. Security dangers affect the Web servers and LANs (local area networks) on which websites are hosted, and they arise even from the customary use of a Web browser.

Web Masters bear the brunt of the gravest risks. As soon as a Web server is installed at a site, it opens a window into the local area network through which anyone using the Internet can look. On the whole, website visitors see only what they are supposed to see, but some attempt to discover parts of the site that are not meant to be visible to the rest of the world. Malicious visitors want to do more than merely look; they attempt to open the window and climb in. The harm they inflict might be mere vandalism, for instance replacing the website's home page with one of their own that might say or show absolutely anything, or it could be theft, such as obtaining a contacts or sales list.

It is hard to escape the likelihood that complicated computer software has bugs. However exhaustively it is tested, there is frequently some sequence of events or user actions, however uncommon, that will cause a failure. Software bugs create holes in system security. A Web server is complex software that may quite easily contain a security defect.

It is not just the complexity of a Web server that can introduce a flaw, but also its open architecture. Consider a CGI script as a case in point. A CGI script runs on the server in response to a remote request from a client. The request could come from a program or from the click of a button in a browser. If the CGI script contains a bug, there is a risk of a security violation.
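As an added illustration (not part of the original article), the sketch below shows one such bug in the file-lookup step of a hypothetical CGI script: a resolver that trusts the requested name, next to a hardened one that refuses anything outside the document root. The function names, the `public` directory and `sales_list.csv` are constructed for the example, and POSIX paths are assumed.

```python
import os
import tempfile

def resolve_naive(doc_root, requested):
    """The bug: trusts the client-supplied name and never checks where it lands."""
    return os.path.normpath(os.path.join(doc_root, requested))

def resolve_safe(doc_root, requested):
    """Return the real path of a file inside doc_root, or None to refuse."""
    if "\x00" in requested:
        return None
    root = os.path.realpath(doc_root)
    # realpath collapses ".." and follows symlinks, so the check sees the true target.
    candidate = os.path.realpath(os.path.join(root, requested.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None

def demo():
    """Build a constructed site layout and compare both resolvers on it."""
    with tempfile.TemporaryDirectory() as base:
        doc_root = os.path.join(base, "public")
        os.mkdir(doc_root)
        with open(os.path.join(doc_root, "index.html"), "w") as f:
            f.write("<h1>home</h1>")
        outside = os.path.join(base, "sales_list.csv")  # must never be served
        with open(outside, "w") as f:
            f.write("constructed,sample,data")
        naive = resolve_naive(doc_root, "../sales_list.csv")
        return {
            "naive_leaves_root": os.path.isfile(naive)
                and not naive.startswith(doc_root + os.sep),
            "safe_traversal": resolve_safe(doc_root, "../sales_list.csv"),
            "safe_absolute": resolve_safe(doc_root, outside),
            "safe_index": os.path.basename(resolve_safe(doc_root, "index.html") or ""),
        }

if __name__ == "__main__":
    print(demo())
```

The hardened resolver compares real paths rather than strings, so a sibling directory whose name merely begins with the document root's name is also refused.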

Network Administrators also have to confront problems from Web servers, because of the threat they pose to the security of the local area network. Website visitors must be admitted, yet there should be no unauthorised intrusions. This means that access to the network has to be controlled, and the Administrator has to perform a delicate balancing act. Even the sturdiest firewall may be compromised if the Web server is badly configured. Conversely, normal use of the website may not be possible if the firewall is poorly configured. Reaching an ideal solution is more difficult still if an intranet is part of the system. Normally, the Web server in that case needs to be configured to recognise and verify domains and user groups, which are likely to have varying permission levels and access rights.


Almost everyone using a browser to surf the Web trusts that they are doing so privately and in safety. That is not the case. Web browsers may execute autonomous programs, hosted by a website, on the client machine. Current browsers show a notice and ask for authorisation before executing these kinds of programs. Commonly known as "active content", e.g. ActiveX controls or Java applets, these programs, if malicious, might easily leave a virus or other dangerous software on the browser user's PC. Once it is in the system it can cause all kinds of damage and may be extremely difficult to remove.

This is also a concern for Network Administrators. Web browsers give potentially malicious software a way to pass straight through the local area network's firewall. Once it is inside the network, the harm it can inflict ranges from stealthily obtaining confidential data to wanton destruction.

Besides the matters involving active content, simply browsing the Web records a trail of the user's activities in the browser's history. This might be used by websites and installed programs to build a precise profile of the user's behaviour and interests. Though some people might find this unacceptable as an invasion of privacy, it can be helpful by offering appropriate subject matter instantly, thus relieving the user of the task of searching for it.

Privacy during the actual transmission of data over the Net is a problem that concerns not just browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was created, security was not the foremost consideration in its design. Neither network nor Internet transmissions should therefore be assumed to be confidential. Each time the browser on a local machine downloads a confidential file from the remote Web server, or the browser user fills in a form with confidential data and clicks the 'Submit' button, the transmitted information might be intercepted without authorisation.
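A Web Master can check a site for the form case described above. The following added example (not from the original article) parses a page and reports every form whose submission would travel without HTTPS, noting whether it carries a password field; the URLs and HTML are constructed sample input, and HTTPS is assumed to be the site's transport protection.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page: a search form and a form that collects a password.
SAMPLE_HTML = """
<form action="/search" method="get"><input type="text" name="q"></form>
<form action="http://shop.example/update-card" method="post">
  <input type="text" name="card_number">
  <input type="password" name="pin" />
</form>
"""

class _FormCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms = []       # one dict per <form> element
        self._current = None  # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "types": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["types"].append((a.get("type") or "text").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def cleartext_forms(page_url, html):
    """Return (target_url, has_password_field) for each form sent without HTTPS."""
    collector = _FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        # A relative or empty action inherits the scheme of the page itself.
        target = urljoin(page_url, form["action"])
        if urlsplit(target).scheme.lower() != "https":
            findings.append((target, "password" in form["types"]))
    return findings

if __name__ == "__main__":
    for target, has_pw in cleartext_forms("https://shop.example/account", SAMPLE_HTML):
        print("cleartext submission to", target, "| password field:", has_pw)
```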
