Web site security problems

This 'web site security problems' article is supplied by Web Site Security, where you can find more information about web site security problems.

An Examination of Web Site Security Issues



Alas, there are various ways in which web site security can be breached. For example, security hazards lurk insidiously which might impinge on Web servers and LANs (local area networks) where Websites are situated, even by the natural use of a Web browser.

Web Masters are in the front line when coping with the most dangerous challenges. As soon as a Web server is set up at a site, a window is constructed in the local area network through which anyone on the Internet can look. Of course, nearly all website visitors look at no more than what they're supposed to see, but a minority make an effort to discover elements of the site which are not meant to be perceptible to the rest of the world. Dishonest visitors intend to go further than just look; they make an effort to open the window and steal through. The harm intruders can cause might be mere vandalism, like substituting the web site's home page with theirs which might say or display anything, or it might be larceny, like gaining possession of a contacts or orders list.

It's difficult to avoid the likelihood that complex computer software includes bugs. No matter how carefully it is tested, there is by and large a certain permutation of events or user actions, though it may be uncommon, which brings about a fault. Computer software bugs cause holes in system security. A Web server is convoluted software which can quite likely contain a security crack.

It is not just the intricacy of a Web server that may produce a problem, but also its open architecture. Think about a CGI script as an example. A CGI script can be executed at the server in reply to a remote request from a client. It might be a request from a program or even the click of a button in a browser. If the CGI script contains a bug, there could be a possibility of a security violation.

Network Administrators also have to tackle problems from Web servers owing to the risk they pose to the security of the local area network. Although there must be no unauthorised incursions, right of entry has to be given to web site visitors. This means that access to the network should be controlled. The Administrator therefore needs to perform a delicate balancing act. Even the most sturdy firewall may be undermined if the Web server is configured poorly. By the same token, normal use of the website may be unachievable if the firewall is configured badly. Finding an ideal solution is still more complicated if an intranet forms part of the system. Commonly, the Web server then needs to be configured to distinguish and authenticate domains and user groups, which are likely to have varying permission levels and access privileges.

Tip: For information in relation to a special aspect of website security, e.g. "web site security problems", look for the full phrase on the Web.

Almost anyone using a browser to surf the Net think that they really are doing so secretly and safely. It is not so. Web browsers may process self-contained programs on the user's computer which are located on a web site. Modern browsers show a notice and ask permission to execute these kinds of programs. Described commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, might easily leave a virus or other dangerous software on the browser user's machine. After it's in the system it can inflict all kinds of havoc and can be extremely hard to eradicate.

This is also a worry for Network Administrators. Web browsers make available a path for possibly malicious software to filter through the local area network's firewall. After it is in the network, the damage it may inflict can vary from furtively stealing sensitive information to willful spoliation.

Besides the matters in re active content, merely browsing the Net leaves a trail of the user's activities in the browser's history. This may be utilized by web sites and installed programs to create an exact profile of the user's behaviour and interests. Though this may be considered an invasion of privacy by some, it can be constructive by offering pertinent content right away, thus unburdening the user of the task of searching for it.

Privacy is a matter that concerns not only browser users but also Web Masters and Network Administrators in the actual transmission of data by means of the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Net. When it was created, security wasn't the most crucial feature of its design. Both network and Internet transmissions should therefore not be considered as necessarily confidential. Whenever the browser on a local computer downloads a sensitive file from the remote Web server, or the browser user fills in a form with confidential information and clicks the 'Submit' button, the transmitted data could be intercepted without consent.

To find out more about 'web site security problems', visit website-security.biz.