Web site security practices

This 'web site security practices' article is supplied by Web Site Security, where you can find more information about web site security practices.

An Examination of Website Security Considerations



It is unfortunate, but there are many ways in which web site security can be undermined. Security hazards are ever present which could impinge on Web servers and LANs (local area networks) on which Web sites reside, even by the ordinary use of a Web browser.

Web Masters face the flak when managing the critical threats. As soon as a Web server is set up at a site, a porthole materializes in the local area network through which anyone who's using the Internet can peep. Naturally, most website visitors see no more than what they are supposed to see, but a few make an effort to unearth parts of the site that aren't designed to be evident to the world. Pernicious visitors aim to do other than merely look; they try to unfasten the window and steal through. The harm they could inflict might be sheer vandalism, for instance substituting the website's home page with theirs which could say or show anything, or else it could be theft, such as appropriating a customers or orders database.

It's hard to elude the likelihood that complex software includes bugs. No matter how carefully it's tested, there will be usually some order of events or user actions, though it might be infrequent, that will cause a failure. Software bugs cause flaws in system security. A Web server is intricate software which can very possibly include a security flaw.

It is not just the complexity of a Web server which may trigger a problem, but also its open architecture. Think about a CGI script as an example. A CGI script may be run at the server in response to a remote call from a client. It could be a request from an application or even the click of a button in a browser. If the CGI script includes a bug, there's a risk of a security violation.

Network Administrators also have to confront problems from Web servers due to the threat they pose to the security of the local area network. Whereas there should be no unauthorised incursions, admittance must be granted to website visitors. This means that access to the network has to be controlled. The Administrator therefore has to perform a delicate balancing act. Even the most sturdy firewall can be compromised if the Web server is configured badly. By the same token, normal use of the website may be not possible if the firewall is configured badly. Arriving at an ideal solution is still more tricky if an intranet forms a constituent of the system. Commonly, the Web server then has to be configured to recognize and validate domains and user groups, which are likely to have differing permission levels and access privileges.

Tip: For information regarding a certain feature of web site security, something like "web site security practices", look for the full phrase on the Web.

Almost all people using a browser to surf the Internet believe that they really are doing so incognito and in safety. This is not correct. Web browsers are able to execute autonomous programs on the local machine that are resident on a web site. Current browsers display a notice and ask consent to execute such programs. Identified generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, can easily install a virus or other dangerous software on the browser user's PC. Once it's in the system it can wreak all kinds of damage and may be exceedingly difficult to remove.

This is also a worry for Network Administrators. Web browsers supply a means for potentially malicious software to permeate all the way through the local area network's firewall. When it is in the network, the harm it might inflict can range from surreptitiously stealing confidential information to gratuitous carnage.

Apart from the matters regarding active content, merely browsing the Web leaves a trail of the user's activities in the browser's history. This can be utilized by web sites and installed programs to establish a precise report of the user's behavior and interests. While this might be frowned upon as an invasion of privacy by some people, it can be constructive by displaying related content right away, thus exonerating the user of the chore of searching for it.

Secrecy is a subject which concerns not just browser users but also Web Masters and Network Administrators for the duration of the actual transmission of data via the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Net. When it was formed, security wasn't the most essential aspect of its design. Both network and Internet transmissions should therefore not be thought of as as automatically confidential. When the browser on a local machine downloads a confidential file from the remote Web server, or the browser user fills out a form with confidential information and clicks the 'Submit' button, the transmitted data can be intercepted without authorisation.

To find out more about 'web site security practices', visit website-security.biz.