Web site security risks

This 'web site security risks' article is supplied by Web Site Security, where you can find more information about web site security risks.

An Assessment of Website Security Considerations



Unfortunately, there are many ways in which website security can be breached. Security risks exist that could affect the Web servers and LANs (local area networks) on which websites reside, and some arise even from the regular use of a Web browser.

Web Masters are in the front line when dealing with the major threats. As soon as a Web server is set up at a site, a porthole is established in the local area network through which anyone on the Internet can peer. Naturally, most web site visitors look at no more than what they're supposed to look at, but a few endeavor to find parts of the site that are not supposed to be visible to the rest of the world. Fraudulent visitors aspire to do more than simply look; they attempt to unbolt the window and sneak in. The harm they cause might be mere vandalism, for instance replacing the web site's home page with one of their own, which might say or display anything at all, or it might be theft, like stealing a customer or order database.

It is difficult to escape the virtual certainty that complex computer software includes bugs. Regardless of how methodically it is tested, there generally exists some sequence of events or user actions, however rarely it occurs, that brings about an error. Software bugs produce flaws in system security. A Web server is complicated software that can very probably contain a security hole.

It is not only the complexity of a Web server that may give rise to a flaw, but also its open architecture. Take a CGI script as an illustration. A CGI script is run at the server in answer to a remote request from a client. The request could come from a program or from the click of a button in a browser. If the CGI script contains a bug, there is a risk of a security violation.
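To make the CGI point concrete, the following added example (not code from the original article) shows a file-serving CGI handler with one such bug beside a hardened version. The `file` parameter, the directory layout and the `orders.db` name are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import parse_qs

def naive_resolve(doc_root, query_string):
    """Buggy: joins the client-supplied 'file' value straight onto doc_root."""
    name = parse_qs(query_string).get("file", ["index.html"])[0]
    return os.path.join(doc_root, name)

def safe_resolve(doc_root, query_string):
    """Hardened: canonicalise the path, then require it to stay under doc_root."""
    name = parse_qs(query_string).get("file", ["index.html"])[0]
    root = os.path.realpath(doc_root)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError("request resolves outside the document root")
    return target

def handle(doc_root, query_string, resolver):
    """Answer one request the way the CGI script would: (status, body)."""
    try:
        with open(resolver(doc_root, query_string), "rb") as fh:
            return 200, fh.read()
    except PermissionError:
        return 403, b"forbidden"
    except (FileNotFoundError, IsADirectoryError):
        return 404, b"not found"

def demo():
    """Constructed site: a public page with a private orders file beside it."""
    with tempfile.TemporaryDirectory() as site:
        doc_root = os.path.join(site, "public")
        os.mkdir(doc_root)
        with open(os.path.join(doc_root, "index.html"), "wb") as fh:
            fh.write(b"<h1>home</h1>")
        with open(os.path.join(site, "orders.db"), "wb") as fh:
            fh.write(b"order-records")
        outside = "file=../orders.db"  # constructed request naming a file above doc_root
        return {
            "normal": handle(doc_root, "file=index.html", safe_resolve),
            "naive": handle(doc_root, outside, naive_resolve),
            "hardened": handle(doc_root, outside, safe_resolve),
        }

if __name__ == "__main__":
    for case, (status, body) in demo().items():
        print(case, status, body)
```

The naive resolver hands back the orders file that sits outside the public directory, while the hardened one answers the same request with 403.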

Network Administrators also have to tackle problems arising from Web servers because of the threat they pose to the security of the local area network. Though there must be no unauthorised intrusions, access must still be granted to web site visitors. This means that access to the network has to be regulated, so the Administrator has to perform a delicate balancing act. Even the most sturdy firewall may be compromised if the Web server is configured poorly. Conversely, normal use of the website may become impossible if the firewall is configured badly. Reaching an ideal solution is even trickier if an intranet forms part of the system. Usually, the Web server then needs to be configured to recognise and authenticate domains and user groups, which are liable to have differing permission levels and access privileges.


Nearly all people using a browser to surf the Web think that they are doing so anonymously and in safety. This is not the case. Web browsers are able to run, on the user's computer, self-contained programs that are hosted on a website. Modern browsers display a warning and ask for authorization to run such programs. Described generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, might easily deposit a virus or other dangerous software on the browser user's machine. Once it is in the system it can inflict all kinds of damage and can be exceedingly stubborn to eliminate.

This is also a worry for Network Administrators. Web browsers provide a path for possibly malicious software to pass all the way through the local area network's firewall. Once it is in the network, the harm it can cause ranges from covertly stealing sensitive information to wanton destruction.

Besides the problems with active content, just surfing the Internet records a trail of the user's activities in the browser's history. This could be used by websites and installed software to build an exact report of the user's behaviour and interests. Though some people may find this an unacceptable invasion of privacy, it can be constructive by displaying related content straight away, relieving the user of the task of searching for it.

Confidentiality during the actual transmission of data over the Internet is a matter that worries not just browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was designed, security was not the most significant aspect of its blueprint. Both network and Internet transmissions should therefore not be thought of as essentially private. Whenever the browser on a local PC downloads a private document from the remote Web server, or the browser user completes a form with personal data and clicks the 'Submit' button, the transmitted data could be intercepted without consent.

To find out more about 'web site security risks', visit website-security.biz.