Web site security policies

This 'web site security policies' article is supplied by Web Site Security, where you can find more information about web site security policies.

Website Security Concerns - An Understanding



An unfortunate fact is that there are several ways in which web site security can be adversely affected. For example, security risks are ever present which may have an effect on Web servers and LANs (local area networks) on which Web sites reside, even by the customary use of a Web browser.

Web Masters bear the brunt when coping with the most serious threats. As soon as a Web server is set up at a site, a window materialises in the local area network through which anyone on the Internet can peer. Of course, on the whole website visitors see only what they're supposed to look at, but a small number attempt to uncover elements of the site which are not intended to be detectable by the general public. Iniquitous visitors aim to do other than only look; they try to undo the window and sneak in. The harm they could inflict might be sheer vandalism, like changing the web site's home page with their own that might say or put on view absolutely anything, or else it might be theft, like appropriating a contacts or orders list.

It's difficult to escape the likelihood that complicated software has bugs. Regardless of how methodically it is tested, there exists typically some combination of events or user actions, even though it might appear seldom, which brings about an error. Computer software bugs cause gaps in system security. A Web server is complicated software that can very probably include a security flaw.

It is not only the complexity of a Web server that can instigate a problem, but also its open architecture. Consider a CGI script as an example. A CGI script can be processed at the server in answer to a remote request from a client. It might be a request from a program or even the click of a button in a browser. If the CGI script has a bug, there is a chance of a security violation.

Network Administrators also have to tackle problems from Web servers as a consequence of the risk they pose to the security of the local area network. Despite the fact that there should be no unauthorised intrusions, access has to be granted to web site visitors. This means that access to the network must be controlled. The Administrator therefore needs to perform a delicate balancing act. Even the most robust firewall may be undermined if the Web server is configured badly. Concomitant with this constraint, normal use of the web site may be unattainable if the firewall is configured poorly. Arriving at a perfect solution is even more difficult if an intranet is an element of the system. Normally, the Web server in that case must be configured to identify and authenticate domains and user groups, which are likely to have differing permission levels and access rights.

Suggestion: For help on a specific feature of website security, such as "web site security policies", search for the complete phrase on the Web.

Most people using a browser to surf the Net suppose that they are doing so secretly and safely. It is not the case. Web browsers may process autonomous programs on the user's machine which are located on a web site. Modern browsers show a warning and request consent to execute those programs. Well-known commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, may easily install a virus or other hazardous software on the browser user's machine. When it is in the system it can inflict all kinds of damage and may be very stubborn to remove.

This is also a worry for Network Administrators. Web browsers make available a way for possibly malicious software to permeate through the local area network's firewall. As soon as it is in the system, the harm it can cause can go from clandestinely stealing private information to wilful destruction.

Aside from the matters to do with active content, merely surfing the Net records a trail of the user's activities in the browser's history. This can be utilized by websites and installed programs to determine an accurate report of the user's behavior and interests. Whereas this may be frowned upon as an invasion of privacy by some, it can be constructive by displaying germane content immediately, thus relieving the user of the job of searching for it.

Confidentiality is a subject which concerns not just browser users but also Web Masters and Network Administrators during the actual transmission of information by means of the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was created, security wasn't the principal aspect of its design. Both network and Internet transmissions should therefore not be thought of as as automatically private. Every time the browser on a local machine downloads a sensitive document from the remote Web server, or the browser user fills in a form with private information and clicks the 'Submit' button, the transmitted information can be intercepted without authorization.

To find out more about 'web site security policies', visit website-security.biz.