Web site security questions

This 'web site security questions' article is supplied by Web Site Security, where you can find more information about web site security questions.

Web Site Security Issues - An Understanding



It's unfortunate, but there are numerous ways in which web site security can be breached. For example, security dangers are ever present that impinge on Web servers and LANs (local area networks) on which Web sites reside, even by the natural use of a Web browser.

Web Masters come under fire when dealing with the major challenges. As soon as a Web server is installed at a site, a porthole is constructed in the local area network through which anyone who is on the Internet can peek. Of course, the majority of website visitors see only what they are supposed to see, but a minority endeavor to uncover areas of the site which aren't intended to be evident to the public. Pernicious visitors would like to go further than simply look; they endeavour to unlock the window and creep through it. The harm they may inflict might be mere vandalism, such as replacing the website's home page with one of their own which could say or show absolutely anything, or it might be burglary, such as stealing a customers or sales database.

It is hard to avoid the probability that complicated software has bugs. Regardless of how exhaustively it is tested, there does exist frequently a certain combination of events or user actions, while it may be uncommon, which brings about a fault. Software bugs give rise to holes in system security. A Web server is complex software that may very probably include a security weakness.

It's not just the complexity of a Web server which can trigger a glitch, but also its open architecture. Consider a CGI script as a case in point. A CGI script can be processed at the server in response to a remote call from a client. It could be a request from a program or even the click of a button in a browser. If the CGI script contains a bug, there's a danger of a security violation.

Network Administrators also have to deal with problems from Web servers owing to the threat they pose to the security of the local area network. Despite the fact that there must be no unauthorized intrusions, admission has to be granted to website visitors. This means that access to the network must be controlled. The Administrator therefore must perform a delicate balancing act. Even the most sturdy firewall may be undermined if the Web server is configured badly. Concomitant with this constraint, normal use of the website may be unachievable if the firewall is configured badly. Finding a model solution is even more difficult if an intranet exists as an element of the system. Normally, the Web server in that case must be configured to recognize and authenticate domains and user groups, which are liable to have varying permission levels and access rights.

Hint: For help in relation to a specific view of web site security, e.g. "web site security questions", search for the complete phrase on the Net.

Nearly everybody using a browser to surf the Net think that they're doing it anonymously and in safety. It is not correct. Web browsers can process self-contained programs on the local machine that are located on a web site. Modern browsers display a caution and request consent to run these kinds of programs. Known commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, may easily leave a virus or other dangerous software on the browser user's computer. When it is in the system it can wreak all kinds of damage and may be very tricky to remove.

This is also a concern for Network Administrators. Web browsers offer a means for possibly malicious software to filter all the way through the local area network's firewall. After it is in the network, the damage it could inflict can range from covertly gaining possession of private data to willful destruction.

Aside from the concerns regarding active content, just surfing the Web leaves a trail of the user's activities in the browser's history. This could be utilized by web sites and installed programs to establish an exact profile of the user's behaviour and preferences. While this might be unacceptable as an invasion of privacy by some people, it can be helpful by showing applicable subject matter straight away, so exonerating the user of the task of searching for it.

Secrecy is a matter which worries not only browser users but also Web Masters and Network Administrators during the actual transmission of information via the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Net. When it was created, security wasn't the most essential factor of its design. Both network and Internet transmissions should therefore not be considered as necessarily confidential. Each time the browser on a local machine downloads a private file from the remote Web server, or the browser user fills in a form with private data and clicks the 'Submit' button, the transmitted information can be intercepted without consent.

To find out more about 'web site security questions', visit website-security.biz.