Web site security model

This 'web site security model' article is supplied by Web Site Security, where you can find more information about web site security model.

An Overview of Website Security Issues



Unfortunately, there are several ways in which website security can be circumvented. Security risks affect the Web servers and the local area networks (LANs) on which Web sites reside, and some arise even from ordinary use of a Web browser.

Web Masters are on the front line when dealing with the most significant risks. As soon as a Web server is installed at a site, a window is opened into the local area network through which anyone using the Internet can look. On the whole, website visitors look only at what they are meant to see, but a minority try to uncover parts of the site that are not intended to be visible to the world. Malicious visitors aim to do more than simply look; they try to open the window and slip through. The damage they inflict may be sheer vandalism, for instance replacing the web site's home page with one of their own that might say or show anything at all, or it may be theft, such as taking a customer or sales database.

It is hard to escape the likelihood that complex software contains bugs. No matter how exhaustively it is tested, there is as a rule some combination of events or user actions, however uncommon, that will cause a fault. Software bugs create holes in system security. A Web server is complex software and may well contain a security flaw.

It is not merely the complexity of a Web server that can introduce a flaw, but also its open architecture. Take a CGI script as an illustration. A CGI script is executed on the server in response to a remote call from a client. The call might be a request from an application or even the click of a button in a browser. If the CGI script contains a bug, there may be a danger of a security breach.
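As an added example (not part of the original article), the sketch below shows one kind of bug a CGI-style handler can contain, beside its corrected form. The bug class (an unchecked file name taken from the query string), the `page` parameter and the file layout are assumptions chosen for illustration.

```python
import tempfile
from pathlib import Path
from urllib.parse import parse_qs

def requested_page(query_string: str) -> str:
    """Read the hypothetical 'page' parameter, as a CGI script would from QUERY_STRING."""
    return parse_qs(query_string).get("page", ["index.txt"])[0]

def serve_unsafe(query_string: str, doc_root: Path) -> tuple[int, str]:
    """Buggy: trusts the client-supplied name, so '../' leaves doc_root."""
    target = doc_root / requested_page(query_string)
    try:
        return 200, target.read_text()
    except OSError:
        return 404, "not found"

def serve_safe(query_string: str, doc_root: Path) -> tuple[int, str]:
    """Hardened: resolve the path and refuse anything outside doc_root."""
    root = doc_root.resolve()
    target = (root / requested_page(query_string)).resolve()
    if not target.is_relative_to(root):
        return 403, "forbidden"
    if not target.is_file():
        return 404, "not found"
    return 200, target.read_text()

def demo() -> dict:
    """Build a constructed site layout and run the same request through both handlers."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        doc_root = base / "htdocs"
        doc_root.mkdir()
        (doc_root / "index.txt").write_text("welcome")
        (base / "customers.db").write_text("constructed private data")
        bad = "page=../customers.db"  # constructed request naming a file outside htdocs
        return {
            "unsafe_bad": serve_unsafe(bad, doc_root),
            "safe_bad": serve_safe(bad, doc_root),
            "safe_ok": serve_safe("page=index.txt", doc_root),
        }

if __name__ == "__main__":
    # Under a real web server the query arrives in the QUERY_STRING variable.
    for name, result in demo().items():
        print(name, result)
```

The unchecked handler returns the file that sits beside the document root, while the hardened one answers 403 for the same request and still serves `index.txt` normally.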

Network Administrators also have to deal with Web servers because of the threat they pose to the security of the local area network. While there should be no unauthorized intrusions, access has to be granted to website visitors. This means that access to the network must be controlled, and the Administrator must therefore perform a delicate balancing act. Even the sturdiest firewall can be compromised if the Web server is configured poorly. By the same token, normal use of the web site may be impossible if the firewall is configured badly. Reaching an ideal solution is more difficult still if an intranet is part of the system. In that case the Web server usually needs to be configured to identify and validate domains and user groups, which are likely to have varying permission levels and access rights.


Nearly all people using a browser to surf the Net assume that they are doing so privately and in safety. This is not so. Web browsers may run autonomous programs on the client machine that are hosted on a website. Modern browsers display a warning and ask for authorisation before executing such programs. Known generally as "active content", for example ActiveX controls or Java applets, these programs, if malicious, could easily deposit a virus or other dangerous software on the browser user's PC. Once it is in the system it can cause all kinds of havoc and can be exceedingly hard to remove.

This is also a concern for Network Administrators. Web browsers offer a way for potentially malicious software to pass through the local area network's firewall. Once it is inside the network, the harm it can cause ranges from stealthily obtaining private data to gratuitous destruction.

Apart from the problems with active content, simply surfing the Net leaves a trail of the user's activities in the browser's history. This could be used by web sites and installed programs to build an accurate picture of the user's behavior and interests. Though some people may find this an unacceptable invasion of privacy, it can be useful in displaying appropriate content straight away, relieving the user of the job of searching for it.

Confidentiality is an issue that worries not just browser users but also Web Masters and Network Administrators, in this case during the actual transmission of data over the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was created, security was not the most important factor in its design. Network and Internet transmissions should therefore not be assumed to be private. Each time the browser on a local machine downloads a sensitive file from the remote Web server, or the browser user fills in a form with personal data and clicks the 'Submit' button, the transmitted data may be intercepted without authorization.
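One check a Web Master can run against this risk, given here as an added example that is not part of the original article: list the forms on a page that would send personal data over unencrypted `http://`. Treating HTTPS as the protected transport is an assumption the article does not state, and the sample page, host name and field-name hints are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SENSITIVE_HINTS = ("pass", "card", "email", "phone", "ssn")  # assumed name hints

# Constructed sample page: a login form, a payment form and a search form.
SAMPLE_HTML = """
<form action="/login" method="post">
  <input name="user"><input type="password" name="password"></form>
<form action="https://shop.example/pay" method="post">
  <input name="card_number"></form>
<form action="/search"><input name="q"></form>
"""

class FormCollector(HTMLParser):
    """Collect each form's action and the (type, name) of the fields inside it."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._open)
        elif tag in ("input", "textarea", "select") and self._open is not None:
            field = ((a.get("type") or "text").lower(), (a.get("name") or "").lower())
            self._open["fields"].append(field)

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def cleartext_forms(page_url, html):
    """Return (target URL, sensitive field names) for forms submitted over http://."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        # A relative or empty action inherits the scheme of the page itself.
        target = urljoin(page_url, form["action"])
        names = [n for t, n in form["fields"]
                 if t == "password" or any(h in n for h in SENSITIVE_HINTS)]
        if names and urlsplit(target).scheme == "http":
            findings.append((target, names))
    return findings

if __name__ == "__main__":
    print(cleartext_forms("http://shop.example/account", SAMPLE_HTML))
```

Served from an `http://` page, only the login form is reported; the same markup served from an `https://` page yields no findings because the relative action then inherits the encrypted scheme.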
