Web site security guidelines
This 'web site security guidelines' article is supplied by Web Site Security, where you can find more information about web site security guidelines.
Web Site Security Considerations - An Overview
Unfortunately, there are several ways in which web site security can be jeopardised. Security risks are ever present and can affect the Web servers and LANs (local area networks) where web sites reside; some arise even from the ordinary use of a Web browser.
Web Masters bear the brunt of dealing with the major threats. As soon as a Web server is set up at a site, a window opens in the local area network through which anyone on the Internet can peek. As a rule, web site visitors see only what they are supposed to see, but some try to locate parts of the site that are not meant to be visible to the rest of the world. Malicious visitors want to do more than simply look; they try to unlatch the window and climb through it. The harm intruders cause might be sheer vandalism, for example replacing the web site's home page with one of their own that might say or display anything at all, or it might be theft, such as taking a contacts or orders list.
It is hard to escape the likelihood that complex software contains bugs. No matter how systematically it is tested, there is typically some particular combination of events or user actions, however infrequent, that leads to an error. Software bugs produce breaches in system security. A Web server is complex software that may quite easily contain a security hole.
It is not only the complexity of a Web server that can create a problem, but also its open architecture. Take a CGI script as a case in point. A CGI script may be run on the server in response to a remote request from a client. This could be a request from an application or even the click of a button in a browser. If the CGI script contains a bug, there is a possibility of a security violation.
Network Administrators also have to handle problems from Web servers because of the danger they pose to the security of the local area network. While there should be no unauthorized incursions, access has to be given to web site visitors. This means that access to the network must be controlled, so the Administrator must perform a delicate balancing act. Even the most robust firewall may be undermined if the Web server is configured poorly. By the same token, normal use of the web site can become unworkable if the firewall is configured poorly. Reaching an ideal solution is more complicated still if an intranet is part of the system. Typically, the Web server in that case needs to be configured to recognise and authenticate domains and user groups, which are liable to have differing permission levels and access rights.
Most people using a browser to surf the Web trust that they are doing so anonymously and securely. This is not so. Web browsers can run, on the client computer, standalone programs that are hosted on a web site. Current browsers show a notice and ask for authorization before running those programs. Commonly known as "active content" (for example, ActiveX controls or Java applets), these programs, if malicious, can easily plant a virus or other dangerous software on the browser user's machine. Once in the system, it can wreak all kinds of havoc and can be very hard to remove.
This is also a concern for Network Administrators. Web browsers offer a way for potentially malicious software to pass through the local area network's firewall. Once it is in the network, the harm it can cause ranges from surreptitiously taking private information to wilful destruction.
Besides the problems with active content, simply surfing the Internet leaves a trail of the user's activities in the browser's history. This can be used by web sites and installed programs to build an exact profile of the user's behaviour and interests. Though some may regard this as an invasion of privacy, it can be genuinely useful, displaying relevant content immediately and so sparing the user the chore of trying to find it.
Confidentiality is a problem that concerns not just browser users but also Web Masters and Network Administrators whenever data is actually in transit over the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was created, security was not the principal feature of its design. Neither network nor Internet transmissions should therefore be considered inherently private. When the browser on a local PC downloads a confidential document from the remote Web server, or the browser user completes a form with personal information and clicks the 'Submit' button, the transmitted information might be intercepted without consent.
To find out more about 'web site security guidelines', visit website-security.biz.