Web site security systems

This 'web site security systems' article is supplied by Web Site Security, where you can find more information about web site security systems.

Evaluating Website Security Concerns



An unfortunate fact is that there are a lot of ways in which website security can be endangered. Security hazards lurk insidiously which impinge on Web servers and LANs (local area networks) on which Web sites reside, even by the natural use of a Web browser.

Web Masters bear the brunt when managing the critical threats. As soon as a Web server is set up at a site, a porthole is created in the local area network through which anyone who's using the Internet can peer. Certainly, the majority of website visitors look at only what they are supposed to see, but a number of them endeavor to locate parts of the site that aren't designed to be detectable by the public. Pernicious visitors intend to go further than just look; they make an effort to undo the window and slip in. The damage intruders can inflict might be sheer vandalism, for example replacing the web site's home page with one of their own that could say or display absolutely anything, or else it could be larceny, such as stealing a customers or sales database.

It is difficult to avoid the virtual certainty that convoluted computer software has bugs. No matter how meticulously it is tested, there will be more often than not a particular permutation of events or user actions, although it may be rare, that brings about a failure. Computer software bugs create holes in system security. A Web server is convoluted software that may quite likely include a security hole.

It's not merely the intricacy of a Web server which can create a problem, but also its open architecture. Consider a CGI script as a case in point. A CGI script may be executed at the server in answer to a remote request from a client. This could be a request from an application or even the click of a button in a browser. If the CGI script has a bug, there's a risk of a security breach.

Network Administrators also have to tackle problems from Web servers because of the danger they pose to the security of the local area network. While there must be no unauthorized incursions, access has to be granted to web site visitors. This means that access to the network must be regulated. The Administrator therefore needs to perform a delicate balancing act. Even the most robust firewall can be undermined if the Web server is configured badly. By the same token, normal use of the website may be unachievable if the firewall is configured poorly. Reaching a perfect solution is even more complicated if an intranet exists as part of the system. Normally, the Web server then has to be configured to distinguish and verify domains and user groups, which are apt to have differing permission levels and access privileges.

Suggestion: For information with reference to a specialised viewpoint of web site security, e.g. "web site security systems", look for the full phrase on the Net.

Nearly all people using a browser to surf the Web think that they are doing so incognito and safely. This is not correct. Web browsers may process self-contained software programs on the user's computer which are resident on a website. Modern browsers display a caution and ask permission to execute such programs. Known commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, may easily inject a virus or other hazardous software on the browser user's computer. Once it is in the system it can wreak all kinds of catastrophe and may be extremely tricky to remove.

This is also a concern for Network Administrators. Web browsers offer a means for potentially malicious software to filter all the way through the local area network's firewall. As soon as it is in the network, the harm it is able to cause can stretch from covertly appropriating confidential information to motiveless spoliation.

Besides the matters to do with active content, simply surfing the Internet leaves a trail of the user's activities in the browser's history. This can be utilised by web sites and installed software to ascertain a precise profile of the user's behavior and preferences. Despite the fact that this might be unacceptable as an invasion of privacy by some people, it can be advantageous by offering pertinent subject matter directly, thus relieving the user of the task of searching for it.

Confidentiality is a matter which concerns not just browser users but also Web Masters and Network Administrators during the actual transmission of data by means of the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was created, security wasn't the most critical feature of its blueprint. Both network and Internet transmissions should therefore not be considered as necessarily private. When the browser on a local computer downloads a sensitive document from the remote Web server, or the browser user completes a form with personal data and clicks the 'Submit' button, the transmitted information could be intercepted without authorisation.

To find out more about 'web site security systems', visit website-security.biz.