Website security and privacy

This 'website security and privacy' article is supplied by Web Site Security, where you can find more information about website security and privacy.

An Evaluation of Web Site Security Considerations



It is unfortunate, but there are various ways in which web site security can be jeopardised. For example, security risks are ever present that might impinge on Web servers and LANs (local area networks) on which Websites are situated, even by the ordinary use of a Web browser.

Web Masters bear the brunt when handling the critical risks. As soon as a Web server is set up at a site, a window is created in the local area network through which anyone on the Internet can peep. Naturally, the majority of website visitors look at no more than what they are supposed to look at, but a small number attempt to discover elements of the site that are not meant to be perceptible to the world. Fraudulent visitors want to go further than simply look; they make an effort to unbolt the window and slip through. The damage intruders may inflict might be mere vandalism, like changing the website's home page with theirs which could say or display anything, or it might be robbery, such as stealing a contacts or orders database.

It's hard to escape the likelihood that intricate software has bugs. Regardless of how scrupulously it's tested, there exists frequently a particular permutation of events or user actions, even though it may crop up hardly ever, that brings about a fault. Software bugs produce breaches in system security. A Web server is convoluted software that can very easily include a security hole.

It is not only the intricacy of a Web server which may produce a problem, but also its open architecture. Consider a CGI script as an illustration. A CGI script can be run at the server in reply to a remote call from a client. This could be a request from a program or even the click of a button in a browser. If the CGI script has a bug, there could be a possibility of a security violation.

Network Administrators also have to face problems from Web servers on account of the threat they pose to the security of the local area network. Though there should be no unauthorised incursions, admission has to be given to website visitors. This means that access to the network has to be regulated. The Administrator therefore must perform a delicate balancing act. Even the most robust firewall may be undermined if the Web server is configured poorly. Concomitant with this constraint, normal use of the website can be unattainable if the firewall is configured poorly. Attaining an ideal resolution is still more complicated if an intranet forms a constituent of the system. Usually, the Web server then needs to be configured to recognize and verify domains and user groups, which are apt to have differing permission levels and access rights.

Tip: For information as regards a special view of web site security, for example "website security and privacy", look for the complete expression on the Web.

Almost all people using a browser to surf the Net think that they are doing it in secret and securely. This is not the case. Web browsers may run self-contained software programs on the user's machine that are located on a website. Current browsers display a warning and request consent to run these kinds of programs. Identified generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, can easily deposit a virus or other dangerous software on the browser user's machine. When it is in the system it can inflict all kinds of damage and can be very difficult to get rid of.

This is also a worry for Network Administrators. Web browsers make available a means for possibly malicious software to permeate through the local area network's firewall. Once it is in the network, the damage it could cause can stretch from clandestinely appropriating confidential data to wilful destruction.

Apart from the problems in re active content, just surfing the Net leaves a trail of the user's activities in the browser's history. This can be utilised by web sites and installed software programs to determine a precise profile of the user's behaviour and interests. While this might be thought of as an invasion of privacy by some people, it can be constructive by showing germane subject matter instantaneously, so relieving the user of the task of searching for it.

Privacy is a question which concerns not just browser users but also Web Masters and Network Administrators in the actual transmission of information via the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was created, security wasn't the most essential aspect of its design. Both network and Internet transmissions should therefore not be considered as automatically private. Any time the browser on a local PC downloads a sensitive file from the remote Web server, or the browser user fills out a form with confidential information and clicks the 'Submit' button, the transmitted information might be intercepted without authorization.

To find out more about 'website security and privacy', visit website-security.biz.