Web site security methods

This 'web site security methods' article is supplied by Web Site Security, where you can find more information about web site security methods.

An Examination of Website Security Considerations



Unfortunately, there are various ways in which web site security can be undermined. Security hazards affect Web servers, the LANs (local area networks) where Web sites are located, and even the ordinary use of a Web browser.

Web Masters shoulder the responsibility for managing the critical risks. As soon as a Web server is set up at a site, a window is opened in the local area network through which anyone using the Internet can peek. Naturally, the majority of web site visitors see only what they are meant to see, but a minority attempt to find parts of the site that are not meant to be visible to the public. Malicious visitors want to do more than merely look; they try to unlock the window and sneak in. The harm intruders inflict might be sheer vandalism, for instance replacing the website's home page with their own, which could say or display absolutely anything, or it could be theft, such as stealing a contacts or orders database.

It is hard to escape the fact that complicated computer software has bugs. No matter how thoroughly it is tested, there is typically some particular combination of events or user actions, however rarely it occurs, that will cause a failure. Software bugs create breaches in system security. A Web server is complex software that may very easily contain a security weakness.

It is not only the complexity of a Web server that can cause a problem, but also its open architecture. Take a CGI script as an illustration. A CGI script is executed at the server in response to a remote call from a client. The call could be a request from a program or simply the click of a button in a browser. If the CGI script has a bug, there may be a chance of a security breach.
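
As an illustration of the kind of CGI bug described above, the following added example (not part of the original article) shows a script helper that trusts a client-supplied page name, next to a corrected version that refuses anything outside the public directory. The directory layout, the "page" parameter and the function names are assumptions made for the example.

```python
import posixpath
from urllib.parse import parse_qs

# Assumed layout (hypothetical): public pages live here; anything else is private.
DOC_ROOT = "/srv/site/public"

def requested_page(environ):
    """Read the 'page' parameter the way a CGI script does, from QUERY_STRING."""
    params = parse_qs(environ.get("QUERY_STRING", ""))
    return params.get("page", ["index.html"])[0]

def resolve_unsafe(environ):
    """The bug: the client-supplied name is trusted, so '..' can leave DOC_ROOT."""
    return posixpath.normpath(posixpath.join(DOC_ROOT, requested_page(environ)))

def resolve_safe(environ):
    """The fix: return the path only if it is still inside DOC_ROOT, else None."""
    path = posixpath.normpath(posixpath.join(DOC_ROOT, requested_page(environ)))
    if posixpath.commonpath([DOC_ROOT, path]) != DOC_ROOT:
        return None  # caller should answer with an error, not open the file
    return path

# Constructed sample requests, as the Web server would pass them to the script.
NORMAL = {"QUERY_STRING": "page=about.html"}
OUTSIDE = {"QUERY_STRING": "page=../private/orders.db"}

if __name__ == "__main__":
    for env in (NORMAL, OUTSIDE):
        print(env["QUERY_STRING"], "->", resolve_unsafe(env), "|", resolve_safe(env))
```

The check works on path strings only; a deployed script would also need to resolve symbolic links before comparing.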

Network Administrators also have to confront problems from Web servers because of the threat they pose to the security of the local area network. Though there ought to be no unauthorised incursions, access must be given to website visitors. This means that access to the network has to be controlled. The Administrator therefore has to perform a delicate balancing act. Even the most robust firewall may be compromised if the Web server is configured badly. By the same token, normal use of the web site may be impossible if the firewall is configured badly. Reaching a perfect solution is harder still if an intranet is part of the system. Normally, the Web server in that case has to be configured to recognise and validate domains and user groups, which are likely to have varying permission levels and access rights.


Nearly all people using a browser to surf the Web assume that they are doing so anonymously and securely. It is not so. Web browsers are able to execute, on the local machine, self-contained programs that are hosted on a web site. Modern browsers display a warning and ask for authorisation to execute those programs. Commonly known as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily deposit a virus or other hazardous software on the browser user's PC. Once it is in the system it can wreak all kinds of havoc and can be very difficult to remove.

This is also a concern for Network Administrators. Web browsers provide a way for possibly malicious software to seep through the local area network's firewall. Once it is inside the network, the harm it could inflict can vary from stealthily stealing confidential information to pointless destruction.

Besides the concerns to do with active content, merely surfing the Web leaves a trail of the user's activities in the browser's history. This can be used by web sites and installed software programs to build a precise profile of the user's behaviour and preferences. While this might be frowned upon by some as an invasion of privacy, it can be constructive by providing relevant subject matter immediately, thus relieving the user of the task of searching for it.

Confidentiality is an issue that concerns not only browser users but also Web Masters and Network Administrators, because it affects the actual transmission of information via the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was created, security wasn't the most critical feature of its design. Neither network nor Internet transmissions should therefore be considered inherently confidential. Each time the browser on a local PC downloads a confidential document from the remote Web server, or the browser user fills out a form with private information and clicks the 'Submit' button, the transmitted information could be intercepted without authorisation.
