Web site security monitoring

This 'web site security monitoring' article is supplied by Web Site Security, where you can find more information about web site security monitoring.

Website Security Considerations - An Understanding



Unfortunately, there are various ways in which web site security can be endangered. Security dangers affect Web servers and the LANs (local area networks) where Web sites are hosted, and even the routine use of a Web browser carries risk.

Web Masters face the flak when dealing with the major risks. As soon as a Web server is installed at a site, a window materializes in the local area network through which anyone on the Internet can peer. Obviously, for the most part website visitors see only what they are meant to see, but a minority attempt to unearth elements of the site which aren't designed to be visible to the world. Dishonest visitors desire to do more than merely look; they endeavour to open the window and sneak through. The harm intruders can cause might be sheer vandalism, for example replacing the website's home page with their own, which might say or display absolutely anything, or it could be burglary, such as stealing a contacts or sales database.

It is hard to escape the virtual certainty that complex computer software includes bugs. No matter how meticulously it is tested, there is frequently some sequence of events or user actions, however infrequent, that causes a failure. Software bugs give rise to flaws in system security. A Web server is complex software which can very probably contain a security hole.

It is not only the complexity of a Web server which may cause a glitch, but also its open architecture. Consider a CGI script as an example. A CGI script may be executed at the server in reply to a remote request from a client. It could be a request from an application or even the click of a button in a browser. If the CGI script contains a bug, there's a possibility of a security violation.
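To make the CGI risk concrete, here is an added example (not code from the original article) of one such bug: a script that maps a request parameter to a file, shown beside a hardened version. The `page` parameter, the function names and the `htdocs`/`contacts.db` layout are assumptions constructed for the illustration.

```python
import os
import tempfile
from urllib.parse import parse_qs

def resolve_unsafe(doc_root, query_string):
    """Buggy CGI logic: trusts the 'page' parameter from the request."""
    page = parse_qs(query_string).get("page", ["index.html"])[0]
    return os.path.join(doc_root, page)  # "../" segments walk out of doc_root

def resolve_safe(doc_root, query_string):
    """Hardened logic: canonicalise, then require the result to stay in doc_root."""
    page = parse_qs(query_string).get("page", ["index.html"])[0]
    root = os.path.realpath(doc_root)
    target = os.path.realpath(os.path.join(root, page))
    if os.path.commonpath([root, target]) != root:
        return None  # request points outside the published tree: refuse
    return target

def serve(resolver, doc_root, query_string):
    """Return (status, body) the way a CGI script would answer the client."""
    path = resolver(doc_root, query_string)
    if path is None or not os.path.isfile(path):
        return 404, ""
    with open(path, encoding="utf-8") as fh:
        return 200, fh.read()

def demo():
    """Build a constructed site layout and compare both handlers."""
    with tempfile.TemporaryDirectory() as site:
        doc_root = os.path.join(site, "htdocs")
        os.mkdir(doc_root)
        with open(os.path.join(doc_root, "index.html"), "w", encoding="utf-8") as fh:
            fh.write("public home page")
        with open(os.path.join(site, "contacts.db"), "w", encoding="utf-8") as fh:
            fh.write("private sales contacts")
        normal, odd = "page=index.html", "page=../contacts.db"
        return {
            "unsafe_normal": serve(resolve_unsafe, doc_root, normal),
            "unsafe_odd": serve(resolve_unsafe, doc_root, odd),
            "safe_normal": serve(resolve_safe, doc_root, normal),
            "safe_odd": serve(resolve_safe, doc_root, odd),
        }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Both versions serve the public page identically; only the hardened one refuses the request that resolves outside the published directory.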

Network Administrators also have to deal with problems from Web servers as a consequence of the danger they pose to the security of the local area network. Though there should be no unauthorized intrusions, access must be granted to website visitors. This means that access to the network should be controlled. The Administrator therefore must perform a delicate balancing act. Even the most robust firewall can be undermined if the Web server is configured poorly. By the same token, normal use of the website may not be viable if the firewall is configured badly. Arriving at a model answer is trickier still if an intranet is part of the system. Typically, the Web server in that case must be configured to distinguish and authenticate domains and user groups, which are apt to have differing permission levels and access privileges.


Most of the people using a browser to surf the Net suppose that they are doing it anonymously and securely. That is not correct. Web browsers are able to execute, on the local computer, autonomous software programs that are hosted on a website. Modern browsers show a warning and request permission to execute these kinds of programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily inject a virus or other hazardous software onto the browser user's PC. Once it is in the system it can cause all kinds of havoc and can be extremely awkward to eliminate.

This is also a concern for Network Administrators. Web browsers provide a route for possibly malicious software to permeate through the local area network's firewall. After it is in the network, the harm it can cause can vary from surreptitiously appropriating private information to meaningless carnage.

Aside from the issues to do with active content, merely browsing the Internet leaves a trail of the user's activities in the browser's history. This might be used by web sites and installed programs to ascertain an exact profile of the user's behaviour and interests. Whereas this might be considered an invasion of privacy by some people, it can be advantageous by offering pertinent content instantly, so unburdening the user of the job of looking for it.

Confidentiality is a subject that concerns not just browser users but also Web Masters and Network Administrators in the actual transmission of information via the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was formed, security was not the most important aspect of its blueprint. Both network and Internet transmissions should therefore not be thought of as essentially confidential. When the browser on a local machine downloads a sensitive file from the remote Web server, or the browser user fills in a form with personal information and clicks the 'Submit' button, the transmitted data can be intercepted without consent.

To find out more about 'web site security monitoring', visit website-security.biz.