Web site security verification

This 'web site security verification' article is supplied by Web Site Security, where you can find more information about web site security verification.

Web Site Security Considerations - An Evaluation



Unfortunately, there are many ways in which web site security can be endangered. Security hazards can affect Web servers and the local area networks (LANs) where websites reside, and they can arise even from the typical use of a Web browser.

Web Masters bear the brunt of handling the critical threats. As soon as a Web server is installed at a site, a window opens into the local area network through which anyone on the Internet can peer. Most web site visitors look only at what they are supposed to look at, but a small number try to locate parts of the site that are not meant to be visible to the general public. Malicious visitors want to do more than look; they try to force the window open and climb through it. The harm intruders cause might be mere vandalism, such as replacing the website's home page with one of their own that could say or display absolutely anything, or it could be theft, such as gaining possession of a contacts or orders database.

It's difficult to escape the virtual certainty that complex software has bugs. No matter how systematically it is tested, there's frequently a certain order of events or user actions, although it may be uncommon, that leads to an error. Software bugs create gaps in system security. A Web server is intricate software that may very possibly include a security flaw.

It's not just the complexity of a Web server that can produce a problem, but also its open architecture. Consider a CGI script as a case in point. A CGI script may be processed at the server in response to a remote request from a client. It might be a request from a program or even the click of a button in a browser. If the CGI script has a bug, there's a chance of a security breach.

Network Administrators also have to cope with problems from Web servers because of the threat they pose to the security of the local area network. Unauthorized intrusions must be prevented, yet website visitors must still be admitted. This means that access to the network has to be controlled, and the Administrator has to perform a delicate balancing act. Even the sturdiest firewall may be undermined if the Web server is configured poorly. By the same token, normal use of the website can become impossible if the firewall is configured poorly. Arriving at an ideal solution is even more complicated if an intranet is part of the system. In that case the Web server commonly must be configured to distinguish and authenticate domains and user groups, which are likely to have varying permission levels and access rights.


The majority of people using a browser to surf the Net suppose that they are doing it anonymously and securely. This is not correct. Web browsers may run, on the user's computer, self-contained programs that are hosted on a website. Current browsers show a warning and request authorisation before executing these kinds of programs. Commonly known as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, may easily deposit a virus or other hazardous software on the browser user's computer. Once it is in the system, it can do all kinds of damage and may be very difficult to remove.

This is also a concern for Network Administrators. Web browsers provide a way for possibly malicious software to pass through the local area network's firewall. Once it is inside the network, the harm it can cause ranges from covertly stealing sensitive information to wanton destruction.

Aside from the problems surrounding active content, merely browsing the Internet leaves a trail of the user's activities in the browser's history. This can be used by web sites and installed programs to build an accurate profile of the user's behaviour and interests. Although some people consider this an invasion of privacy, it can be useful because it lets relevant content be provided directly, relieving the user of the job of searching for it.

Privacy is a topic that worries not only browser users but also Web Masters and Network Administrators, particularly during the actual transmission of information via the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was designed, security wasn't the most critical aspect of its design. Neither network nor Internet transmissions should therefore be thought of as automatically private. Whenever the browser on a local PC downloads a private document from the remote Web server, or the browser user completes a form with confidential data and clicks the 'Submit' button, the transmitted information might be intercepted without consent.
