Web site security procedures

This 'web site security procedures' article is supplied by Web Site Security, where you can find more information about web site security procedures.

An Evaluation of Web Site Security Considerations



Alas, there are lots of ways in which web site security can be adversely affected. For example, security dangers are ever present that impinge on Web servers and LANs (local area networks) where Web sites are situated, even by the natural use of a Web browser.

Web Masters are in the front line when dealing with the major threats. As soon as a Web server is set up at a site, a porthole materialises in the local area network through which anyone who is on the Internet can look. Of course, nearly all website visitors see no more than what they are supposed to look at, but a small number attempt to discover areas of the site which are not supposed to be observable by all and sundry. Pernicious visitors wish to do more than merely look; they attempt to undo the window and steal in. The harm intruders can cause might be sheer vandalism, such as changing the web site's home page with one of theirs that could say or put on view absolutely anything, or else it could be robbery, such as gaining possession of a contacts or sales database.

It is difficult to escape the probability that complex computer software has bugs. Regardless of how comprehensively it's tested, there is by and large some order of events or user actions, although it might be rare, which brings about a fault. Computer software bugs give rise to gaps in system security. A Web server is involved software which can very likely contain a security fault.

It is not only the intricacy of a Web server which may cause a glitch, but also its open architecture. Think about a CGI script as an example. A CGI script may be run at the server in reply to a remote call from a client. It could be a request from a program or even the click of a button in a browser. If the CGI script has a bug, there may be a risk of a security violation.

Network Administrators also have to deal with problems from Web servers as a consequence of the risk they pose to the security of the local area network. While there should be no unauthorized intrusions, right of entry has to be given to website visitors. This means that access to the network has to be regulated. The Administrator therefore must perform a delicate balancing act. Even the most sturdy firewall may be breached if the Web server is configured badly. Bearing that in mind, normal use of the web site may be unachievable if the firewall is configured badly. Arriving at an ideal solution is yet more difficult if an intranet is part of the system. Usually, the Web server in that case must be configured to recognise and authenticate domains and user groups, which are apt to have differing permission levels and access privileges.

Hint: For information on a specialised side of web site security, such as "web site security procedures", look for the complete phrase on the Web.

Almost everyone using a browser to surf the Net suppose that they really are doing it anonymously and in safety. This is not so. Web browsers are able to process self-contained programs on the local computer that are resident on a web site. Modern browsers display a notice and ask authorisation to run those programs. Identified commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, might easily install a virus or other hazardous software on the browser user's computer. Once it is in the system it can wreak all kinds of catastrophe and can be exceedingly awkward to eliminate.

This is also a concern for Network Administrators. Web browsers offer a way for potentially malicious software to permeate through the local area network's firewall. After it is in the network, the damage it may cause can vary from surreptitiously gaining possession of confidential information to wilful demolition.

Besides the problems to do with active content, just browsing the Web leaves a trail of the user's activities in the browser's history. This may be utilized by websites and installed programs to determine an accurate profile of the user's behavior and preferences. While this might be thought of as an invasion of privacy by some, it can be helpful by displaying related content right away, so unburdening the user of the job of searching for it.

Privacy is a subject which worries not just browser users but also Web Masters and Network Administrators for the duration of the actual transmission of data via the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was formed, security was not the principal aspect of its design. Both network and Internet transmissions should therefore not be thought of as as automatically confidential. Any time the browser on a local PC downloads a private document from the remote Web server, or the browser user completes a form with personal data and clicks the 'Submit' button, the transmitted data could be intercepted without consent.

To find out more about 'web site security procedures', visit website-security.biz.