Website security and confidentiality

This 'website security and confidentiality' article is supplied by Web Site Security, where you can find more information about website security and confidentiality.

An Examination of Web Site Security Considerations



It is unfortunate, but there are many ways in which website security can be jeopardised. Security hazards exist that impinge on Web servers and LANs (local area networks) on which Web sites reside, even by the natural use of a Web browser.

Web Masters shoulder the responsibility when coping with the major risks. As soon as a Web server is set up at a site, a window materialises in the local area network through which anyone on the Internet can look. Certainly, most web site visitors look at only what they are supposed to see, but a minority attempt to find elements of the site which are not supposed to be detectable by the world. Nefarious visitors desire to do other than merely look; they try to open the window and sneak inside. The harm they could cause might be mere vandalism, for instance changing the web site's home page with theirs which might say or display anything, or it could be theft, such as gaining possession of a customers or orders database.

It is difficult to escape the likelihood that convoluted computer software has bugs. No matter how exhaustively it's tested, you can find as a rule a particular combination of events or user actions, even if it may take place seldom, which leads to a fault. Software bugs give rise to holes in system security. A Web server is intricate software which may very easily include a security gap.

It's not just the intricacy of a Web server that can cause a glitch, but also its open architecture. Consider a CGI script as an illustration. A CGI script may be run at the server in response to a remote call from a client. It could be a request from an application or even the click of a button in a browser. If the CGI script contains a bug, there will be a chance of a security breach.

Network Administrators also have to take on problems from Web servers owing to the threat they pose to the security of the local area network. While there ought to be no unauthorized incursions, admission must be granted to website visitors. This means that access to the network should be regulated. The Administrator therefore has to perform a delicate balancing act. Even the most sturdy firewall can be compromised if the Web server is configured badly. Bearing that in mind, normal use of the web site can be unattainable if the firewall is configured badly. Reaching a model solution is even more complicated if an intranet forms an element of the system. Normally, the Web server in that case has to be configured to distinguish and validate domains and user groups, which are apt to have varying permission levels and access privileges.

Suggestion: For help regarding a particular side of web site security, e.g. "website security and confidentiality", search for the full phrase on the Net.

Most people using a browser to surf the Internet suppose that they are doing so secretly and securely. It is not so. Web browsers can execute self-contained software programs on the client computer which are hosted by a web site. Modern browsers display a warning and ask authorization to execute these kinds of programs. Known commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, might easily inject a virus or other dangerous software on the browser user's PC. As soon as it's in the system it can wreak all kinds of havoc and may be exceedingly problematical to remove.

This is also a worry for Network Administrators. Web browsers offer a means for possibly malicious software to filter through the local area network's firewall. After it is in the network, the damage it can cause can go from secretly appropriating confidential data to meaningless carnage.

Besides the problems to do with active content, simply surfing the Net records a trail of the user's activities in the browser's history. This may be utilized by websites and installed software programs to establish a precise report of the user's behavior and interests. Though this might be thought of as an invasion of privacy by some people, it can be useful by providing pertinent subject matter directly, so exonerating the user of the job of searching for it.

Confidentiality is an issue that concerns not only browser users but also Web Masters and Network Administrators for the duration of the actual transmission of data by means of the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was created, security wasn't the principal aspect of its blueprint. Both network and Internet transmissions should therefore not be thought of as as essentially confidential. Each time the browser on a local computer downloads a confidential document from the remote Web server, or the browser user fills out a form with private information and clicks the 'Submit' button, the transmitted information can be intercepted without authorisation.

To find out more about 'website security and confidentiality', visit website-security.biz.