Web site security policy

This 'web site security policy' article is supplied by Web Site Security, where you can find more information about web site security policy.

An Understanding of Website Security Concerns



Unfortunately, there are several ways in which web site security can be compromised. Security risks threaten the Web servers and LANs (local area networks) on which websites are hosted, and some arise even from the ordinary use of a Web browser.

Web Masters bear the brunt of the most serious risks. As soon as a Web server is installed at a site, it opens a window into the local area network through which anyone using the Internet can look. For the most part, website visitors look at no more than they are meant to, but a few of them try to locate parts of the site that are not intended to be visible to the world. Dishonest visitors want to do more than simply look; they try to unfasten the window and creep in. The harm they inflict might be mere vandalism, for example replacing the web site's home page with one of their own that might say or show anything, or it could be theft, such as stealing a contacts or sales list.

It is difficult to escape the virtual certainty that complicated computer software contains bugs. However scrupulously it is tested, there is typically some sequence of events or user actions, perhaps one that hardly ever occurs, which leads to a fault. Software bugs create holes in system security. A Web server is complex software that can quite likely contain a security defect.

It is not only the complexity of a Web server that may cause a fault, but also its open architecture. Consider a CGI script as an example. A CGI script is executed on the server in response to a remote call from a client. This might be a request from a program or even the click of a button in a browser. If the CGI script contains a bug, there may be a chance of a security violation.
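As an added illustration (not code from the original article), the sketch below shows one kind of CGI bug and its fix: a script that serves a file named in the request without checking that it stays inside the published directory. The `DOC_ROOT` path, the `file` parameter and both function names are hypothetical.

```python
import os
from urllib.parse import parse_qs

DOC_ROOT = "/srv/www/docs"  # hypothetical directory the site means to publish


def naive_path(query_string):
    """Buggy: trusts the 'file' parameter supplied by the remote client."""
    name = parse_qs(query_string).get("file", [""])[0]
    # "../" segments or an absolute path let the result leave DOC_ROOT.
    return os.path.normpath(os.path.join(DOC_ROOT, name))


def safe_path(query_string):
    """Hardened: return a path strictly inside DOC_ROOT, or None to refuse."""
    name = parse_qs(query_string).get("file", [""])[0]
    if not name or "\x00" in name:
        return None
    root = os.path.realpath(DOC_ROOT)
    # realpath collapses "..", absolute overrides and symlinks before the check.
    candidate = os.path.realpath(os.path.join(root, name))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":  # invoked by the web server as a CGI program
    path = safe_path(os.environ.get("QUERY_STRING", ""))
    if path is None or not os.path.isfile(path):
        print("Status: 404 Not Found\nContent-Type: text/plain\n\nNot found")
    else:
        print("Content-Type: text/plain\n")
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(fh.read())
```

The check is made on the resolved path rather than on the raw string, so percent-encoded or absolute inputs are refused by the same rule as plain `../` sequences.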

Network Administrators also have to deal with Web servers because of the danger they pose to the security of the local area network. While there should be no unauthorised intrusions, access must still be granted to website visitors. This means that access to the network has to be controlled, and the Administrator needs to perform a delicate balancing act. Even the most robust firewall can be compromised if the Web server is configured poorly. By the same token, normal use of the website can become impossible if the firewall is configured badly. Reaching an ideal solution is even trickier if an intranet exists as part of the system. Normally, the Web server then needs to be configured to identify and authenticate domains and user groups, which are liable to have differing permission levels and access rights.


Nearly all people using a browser to surf the Web trust that they are doing so anonymously and safely. This is not so. Web browsers may run self-contained software programs on the local machine that are located on a website. Modern browsers show a warning and request permission to execute those programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily install a virus or other dangerous software on the browser user's computer. Once it is in the system, it can wreak all kinds of havoc and can be exceedingly difficult to remove.

This is also a concern for Network Administrators. Web browsers provide a means for potentially malicious software to pass all the way through the local area network's firewall. Once it is in the system, the damage it can cause ranges from stealthily appropriating confidential data to deliberate destruction.

Aside from the matter of active content, merely browsing the Internet leaves a trail of the user's activities in the browser's history. This can be used by web sites and installed software programs to build an accurate profile of the user's behavior and preferences. While some people may find this an unacceptable invasion of privacy, it can be helpful by displaying relevant content immediately, sparing the user the job of trying to find it.

Privacy during the actual transmission of data via the Web is an issue that concerns not only browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was created, security was not the principal aspect of its design. Network and Internet transmissions should therefore not be assumed to be confidential. Whenever the browser on a local PC downloads a sensitive document from the remote Web server, or the browser user fills in a form with private data and clicks the 'Submit' button, the transmitted information can be intercepted without authorization.

To find out more about 'web site security policy', visit website-security.biz.