Web site security focus

This 'web site security focus' article is supplied by Web Site Security, where you can find more information about web site security focus.

Website Security Considerations - An Overview



There are numerous ways in which website security can be jeopardized. Security risks affect Web servers, the LANs (local area networks) on which websites are hosted, and even the ordinary use of a Web browser.

Webmasters face the most severe risks. As soon as a Web server is set up at a site, a window is opened into the local area network through which anyone on the Internet can peer. Of course, the majority of website visitors look at no more than what they are supposed to see, but a small number of them try to find parts of the site that are not meant to be visible to the general public. Dishonest visitors wish to do more than simply look; they attempt to force the window open and climb in. The harm they can inflict might be mere vandalism, for example replacing the website's home page with one of their own that could say or show anything at all, or it could be theft, such as stealing a contacts or orders list.

It is hard to escape the likelihood that complex computer software contains bugs. No matter how carefully it is tested, there is usually some sequence of events or user actions, however rarely it may occur, that leads to an error. Software bugs create holes in system security. A Web server is complicated software which may quite possibly contain a security flaw.

It is not merely the complexity of a Web server that can cause a problem, but also its open architecture. Consider a CGI script as an example. A CGI script may be executed on the server in response to a remote request from a client. The request could come from a program or even from the click of a button in a browser. If the CGI script has a bug, there's a chance of a security breach.
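As an added illustration (not code from the original article), the Python sketch below shows one common kind of CGI bug, a request parameter used as a file name without checking, next to a hardened form. The function names, the `htdocs` document root and the sample files are constructed for the example, and POSIX paths are assumed.

```python
import os
import tempfile

def resolve_unsafe(docroot, requested):
    # Buggy form: the client-supplied name is joined to the document root
    # unchecked, so "../" sequences or an absolute path escape it.
    return os.path.join(docroot, requested)

def resolve_safe(docroot, requested):
    # Hardened form: canonicalise first, then require the result to stay
    # inside the document root. Returns None when the request is refused.
    root = os.path.realpath(docroot)
    candidate = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None

def demo():
    # Constructed layout: one public page inside the document root and a
    # private orders list stored beside it, outside the root.
    base = tempfile.mkdtemp()
    docroot = os.path.join(base, "htdocs")
    os.mkdir(docroot)
    with open(os.path.join(docroot, "index.html"), "w") as f:
        f.write("<h1>home</h1>")
    with open(os.path.join(base, "orders.csv"), "w") as f:
        f.write("private order list")
    inside_prefix = os.path.realpath(docroot) + os.sep
    results = {}
    for name in ("index.html", "../orders.csv", "/etc/hostname"):
        unsafe = os.path.realpath(resolve_unsafe(docroot, name))
        results[name] = (unsafe.startswith(inside_prefix),
                         resolve_safe(docroot, name) is not None)
    return results

if __name__ == "__main__":
    for name, (unsafe_inside, served) in demo().items():
        print(f"{name!r}: unsafe path stays in docroot={unsafe_inside}, "
              f"hardened handler serves it={served}")
```

The hardened resolver serves only `index.html`; the other two requests resolve outside the document root and are refused.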

Network Administrators also have to deal with Web servers because of the threat they pose to the security of the local area network. While there should be no unauthorized intrusions, access must still be granted to website visitors. This means that access to the network has to be regulated. The Administrator therefore has to perform a delicate balancing act. Even the sturdiest firewall may be undermined if the Web server is configured poorly. By the same token, normal use of the website may not be possible if the firewall is configured poorly. Reaching an ideal solution is even more difficult if an intranet forms part of the system. Typically, the Web server in that case must be configured to identify and verify domains and user groups, which are likely to have varying permission levels and access rights.


Nearly everybody using a browser to surf the Net thinks that they are doing it anonymously and safely. This is not the case. Web browsers can run self-contained software programs, hosted on a website, on the client machine. Current browsers show a warning and ask for authorisation to run these kinds of programs. Commonly known as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, may easily install a virus or other harmful software on the browser user's machine. Once it is in the system, it can do all kinds of damage and may be exceedingly difficult to get rid of.

This is also a concern for Network Administrators. Web browsers offer a means for potentially malicious software to pass through the local area network's firewall. Once it is in the network, the harm it might cause can range from stealthily obtaining confidential data to deliberate destruction.

Apart from the issues surrounding active content, simply browsing the Internet leaves a trail of the user's activities in the browser's history. This might be utilised by websites and installed programs to create an exact report of the user's behavior and interests. Though this may be considered an invasion of privacy by some people, it can be beneficial by providing related content directly, so unburdening the user of the task of looking for it.

Privacy is a topic which concerns not only browser users but also Webmasters and Network Administrators, because it extends to the actual transmission of data via the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was designed, security was not the most critical factor. Neither local network nor Internet transmissions should therefore be assumed to be confidential. Whenever the browser on a local computer downloads a confidential file from the remote Web server, or the browser user completes a form with confidential data and clicks the 'Submit' button, the transmitted data may be intercepted without consent.
