Website security basics

This 'website security basics' article is supplied by Web Site Security, where you can find more information about website security basics.

Web Site Security Issues - An Overview



Unfortunately, web site security can be breached in various ways. Security hazards affect Web servers, the LANs (local area networks) where Web sites are hosted, and even the routine use of a Web browser.

Web Masters bear the brunt of the most significant threats. As soon as a Web server is set up at a site, a window opens into the local area network through which anyone using the Internet can look. Of course, most web site visitors see only what they're meant to see, but a handful of them try to locate areas of the site which aren't intended to be visible to the world. Malicious visitors want to do more than merely look; they attempt to force the window open and climb in. The harm intruders inflict might be sheer vandalism, for example replacing the web site's home page with one of their own that might say or display anything at all, or it could be theft, such as obtaining a customer or sales list.

It's hard to escape the likelihood that complex software includes bugs. No matter how thoroughly it is tested, there is often some combination of events or user actions, however uncommon, that triggers an error. Software bugs create gaps in system security. A Web server is complex software which may well contain a security gap.

It's not only the complexity of a Web server that may cause a problem, but also its open architecture. Consider a CGI script as an illustration. A CGI script may be executed at the server in response to a remote call from a client. This might be a request from an application or even the click of a button in a browser. If the CGI script contains a bug, there could be a chance of a security breach.
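The kind of CGI bug described above can be as small as trusting a request parameter as a file name. The following is an added example, not code from the original article: the `page` parameter, the function names and the throwaway site built in `demo()` are all assumptions made for illustration. It contrasts a handler that joins the parameter onto the document root with one that resolves the path and refuses anything outside the published directory.

```python
import os
import tempfile
from urllib.parse import parse_qs


def naive_path(doc_root, query_string):
    """Buggy pattern: trusts the 'page' parameter as a file name."""
    page = parse_qs(query_string).get("page", ["index.html"])[0]
    return os.path.join(doc_root, page)


def safe_path(doc_root, query_string):
    """Hardened pattern: resolve the path and require it to stay in doc_root."""
    page = parse_qs(query_string).get("page", ["index.html"])[0]
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, page))
    if os.path.commonpath([root, candidate]) != root:
        return None  # request points outside the published directory
    if not os.path.isfile(candidate):
        return None  # nothing to serve
    return candidate


def demo():
    """Build a throwaway site (constructed data) and compare both handlers."""
    with tempfile.TemporaryDirectory() as base:
        base = os.path.realpath(base)
        doc_root = os.path.join(base, "public")
        os.mkdir(doc_root)
        with open(os.path.join(doc_root, "index.html"), "w") as f:
            f.write("<h1>home</h1>")
        private = os.path.join(base, "customers.csv")  # not meant to be public
        with open(private, "w") as f:
            f.write("name,email\n")
        query = "page=../customers.csv"  # constructed request
        naive = os.path.realpath(naive_path(doc_root, query))
        return {
            "naive_leaks_private_file": naive == private,
            "safe_rejects": safe_path(doc_root, query) is None,
            "safe_serves_index": safe_path(doc_root, "page=index.html")
            == os.path.join(doc_root, "index.html"),
        }


if __name__ == "__main__":
    print(demo())
```
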

Network Administrators also have to deal with problems from Web servers because of the threat they pose to the security of the local area network. Although there ought to be no unauthorised intrusions, access has to be granted to web site visitors. This means that access to the network has to be controlled. The Administrator therefore must perform a delicate balancing act. Even the most robust firewall can be breached if the Web server is configured badly. Conversely, normal use of the website may not be viable if the firewall is configured badly. Finding an ideal solution is more difficult still if an intranet is part of the system. Typically, the Web server then needs to be configured to identify and authenticate domains and user groups, which are likely to have differing permission levels and access rights.

Almost everyone using a browser to surf the Net supposes that they're doing so privately and safely. That is not the case. Web browsers can run, on the user's machine, self-contained software programs that are hosted on a website. Modern browsers show a warning and request authorisation to execute those programs. Commonly known as "active content", e.g. ActiveX controls or Java applets, these programs, if malicious, might easily place a virus or other harmful software on the browser user's computer. Once it is in the system, it can wreak all kinds of havoc and may be extremely difficult to remove.

This is also a concern for Network Administrators. Web browsers present a means for potentially malicious software to pass all the way through the local area network's firewall. Once it is in the system, the harm it could cause ranges from covertly taking sensitive data to wilful destruction.

Aside from the matters involving active content, merely browsing the Net leaves a trail of the user's activities in the browser's history. This could be used by web sites and installed programs to build an exact profile of the user's behaviour and preferences. While some people may find this an unacceptable invasion of privacy, it can be genuinely useful by showing related subject matter immediately, thus saving the user the job of looking for it.

Privacy is an issue which concerns not just browser users but also Web Masters and Network Administrators, because it affects the actual transmission of information via the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was created, security was not the most crucial aspect of its design. Network and Internet transmissions should therefore not be assumed to be private. Each time the browser on a local machine downloads a private file from the remote Web server, or the browser user fills in a form with private information and clicks the 'Submit' button, the transmitted data may be intercepted without consent.

To find out more about 'website security basics', visit website-security.biz.