Web site security incidents
This 'web site security incidents' article is supplied by Web Site Security, where you can find more information about web site security incidents.
An Understanding of Website Security Issues
It's unfortunate, but there are many ways in which website security can be imperilled. Security hazards are ever present for the Web servers and the LANs (local area networks) on which websites are hosted, and even the ordinary use of a Web browser carries risk.
Webmasters bear the brunt of the gravest risks. As soon as a Web server is set up at a site, a window is opened in the local area network through which anyone using the Internet can peek. Naturally, nearly all website visitors look at no more than what they are meant to see, but a small number try to uncover parts of the site which aren't meant to be visible to all and sundry. Dishonest visitors want to do more than look; they try to open the window and creep in. The damage they cause might be mere vandalism, like replacing the website's home page with one of their own which might say or display anything at all, or it might be burglary, such as stealing a contacts or sales list.
It's hard to avoid the likelihood that complex computer software includes bugs. No matter how carefully it's tested, there will as a rule be some combination of events or user actions, however rarely it occurs, that brings about a fault. Software bugs create holes in system security. A Web server is complex software that may very probably include a security fault.
It's not only the complexity of a Web server that may produce a fault, but also its open architecture. Consider a CGI script as an example. A CGI script is executed on the server in response to a remote request from a client. This could be a request from an application or even the click of a button in a browser. If the CGI script includes a bug, there is a chance of a security violation.
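The following is an added example, not code from the original article. It takes one common class of CGI bug as an illustration: a handler that joins a client-supplied document name to its document root without checking the result, shown beside a version that confines the path. The function names, the `doc` parameter and the sample file layout are constructed for the example.

```python
import os
import tempfile

def resolve_naive(doc_root, requested):
    """Buggy: joins the client-supplied name to the root with no check."""
    return os.path.normpath(os.path.join(doc_root, requested))

def resolve_confined(doc_root, requested):
    """Return the real path only if it stays inside doc_root, else None."""
    root = os.path.realpath(doc_root)
    # realpath collapses ".." and follows symlinks before the comparison
    target = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, target]) != root:
        return None
    return target if os.path.isfile(target) else None

def handle_request(doc_root, query_value):
    """CGI-style handler: returns (status, body) for ?doc=<query_value>."""
    path = resolve_confined(doc_root, query_value)
    if path is None:
        return 404, b"not found"
    with open(path, "rb") as fh:
        return 200, fh.read()

def build_sample_site():
    """Constructed sample layout: a public docs dir beside a private file."""
    base = tempfile.mkdtemp()
    docs = os.path.join(base, "public")
    os.mkdir(docs)
    with open(os.path.join(docs, "index.txt"), "wb") as fh:
        fh.write(b"welcome")
    with open(os.path.join(base, "sales_list.txt"), "wb") as fh:
        fh.write(b"private")
    return base, docs

if __name__ == "__main__":
    base, docs = build_sample_site()
    for value in ("index.txt", "../sales_list.txt", "/etc/hostname"):
        print(value, "->", handle_request(docs, value)[0])
```

The confined handler answers both out-of-root requests with the same 404 it gives for a missing file, so the response does not reveal whether a file exists outside the document root.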
Network Administrators also have to deal with problems from Web servers because of the danger they pose to the security of the local area network. There should be no unauthorized intrusions, yet access must be given to website visitors. This means that access to the network has to be regulated, and the Administrator must perform a delicate balancing act. Even the most robust firewall can be undermined if the Web server is configured badly. Equally, normal use of the website may be impossible if the firewall is configured badly. Striking the right balance is more complicated still if an intranet is part of the system. Commonly, the Web server in that case must be configured to recognise and authenticate domains and user groups, which are liable to have varying permission levels and access rights.
Almost all people using a browser to surf the Web suppose that they are doing so anonymously and safely. It is not so. Web browsers are able to execute, on the local computer, self-contained programs that are hosted on a website. Current browsers show a warning and request authorization before executing these kinds of programs. Generally known as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, can easily install a virus or other hazardous software on the browser user's machine. Once it is in the system it can inflict all kinds of damage and may be extremely difficult to remove.
This is also a concern for Network Administrators. Web browsers present a path for potentially malicious software to pass all the way through the local area network's firewall. Once it is in the network, the harm it may cause can range from furtively stealing private information to willful destruction.
Aside from the problems regarding active content, simply surfing the Net leaves a trail of the user's activities in the browser's history. This could be used by websites and installed programs to build an accurate profile of the user's behavior and preferences. Though this may be frowned upon by some as an invasion of privacy, it can be useful by providing pertinent content at once, so sparing the user the job of searching for it.
Confidentiality during the actual transmission of data via the Web is an issue which worries not only browser users but also Webmasters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was formed, security wasn't the most crucial feature of its design. Both network and Internet transmissions should therefore not be thought of as necessarily confidential. Whenever the browser on a local computer downloads a sensitive document from the remote Web server, or the browser user fills out a form with confidential data and clicks the 'Submit' button, the transmitted information can be intercepted without authorization.