Website security best practices
This 'website security best practices' article is supplied by Web Site Security, where you can find more information about website security best practices.
Website Security Considerations - An Evaluation
An unfortunate fact is that there are many ways in which website security can be endangered. Security hazards are ever present: they affect the Web servers and LANs (local area networks) on which websites are hosted, and they arise even from the routine use of a Web browser.
Web Masters are in the front line when dealing with the major threats. As soon as a Web server is installed at a site, a window is opened in the local area network through which anyone on the Internet can look. Obviously, most website visitors see only what they are meant to look at, but a number of them attempt to unearth elements of the site which aren't designed to be visible to the general public. Unscrupulous visitors aim to go further than merely looking; they attempt to open the window and sneak through it. The damage intruders can inflict might be mere vandalism, for example replacing the website's home page with one of their own which could say or display anything, or else it might be burglary, such as stealing a contacts or sales list.
It is difficult to avoid the virtual certainty that complex software contains bugs. No matter how thoroughly it is tested, there is as a rule some particular combination of events or user actions, however rarely it occurs, that will cause a failure. Software bugs create flaws in system security. A Web server is complex software that may quite easily contain a security flaw.
It is not just the intricacy of a Web server which may cause a problem, but also its open architecture. Think about a CGI script as an example. A CGI script may be run at the server in answer to a remote call from a client. This could be a request from a program or even the click of a button in a browser. If the CGI script contains a bug, there could be a risk of a security violation.
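A sketch of the kind of CGI bug described above, added here as an illustration and not taken from the original article: a script that serves a file named in the request, first trusting the client's value and then checking it. The directory, the `file` parameter and the function names are assumptions made for the example.

```python
import os
from urllib.parse import parse_qs

# Hypothetical directory the script is meant to serve files from.
DOC_ROOT = "/srv/www/reports"

def requested_name(query_string):
    """Read the 'file' parameter as a CGI script would from QUERY_STRING."""
    values = parse_qs(query_string).get("file", [])
    return values[0] if values else ""

def resolve_unchecked(query_string, root=DOC_ROOT):
    """The bug: the client-supplied name is trusted and joined to the root,
    so the result can point anywhere on the server's file system."""
    return os.path.normpath(os.path.join(root, requested_name(query_string)))

def resolve_checked(query_string, root=DOC_ROOT):
    """Hardened form: return a path only if it stays inside root, else None."""
    name = requested_name(query_string)
    if not name or "\x00" in name:
        return None
    root_real = os.path.realpath(root)
    # realpath collapses '..' segments and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root_real, name))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate

if __name__ == "__main__":
    # Constructed request strings, not taken from any real log.
    for qs in ("file=q3-sales.txt", "file=../../../etc/passwd", "file=/etc/passwd"):
        print(qs, "->", resolve_unchecked(qs), "|", resolve_checked(qs))
```

The checked version refuses the request outright instead of trying to clean the name, which is the safer default for a script reachable by any remote client.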
Network Administrators also have to handle problems from Web servers owing to the danger they pose to the security of the local area network. Although there ought to be no unauthorized incursions, admittance has to be granted to website visitors. This means that access to the network must be controlled. The Administrator therefore needs to perform a delicate balancing act. Even the most sturdy firewall can be breached if the Web server is configured poorly. Conversely, normal use of the website can become unworkable if the firewall is configured badly. Reaching a perfect solution is still more difficult if an intranet is an element of the system. Normally, the Web server in that case needs to be configured to distinguish and verify domains and user groups, which are likely to have differing permission levels and access rights.
Most people using a browser to surf the Web suppose that they are doing so anonymously and securely. This is not correct. Web browsers may run, on the user's machine, autonomous software programs that are hosted on a web site. Modern browsers display a warning and request authorisation to run those programs. Described commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, might easily install a virus or other dangerous software on the browser user's machine. Once it is in the system it can cause all kinds of havoc and can be very difficult to remove.
This is also a concern for Network Administrators. Web browsers provide a route for possibly malicious software to seep all the way through the local area network's firewall. Once it is in the system, the damage it may cause can extend from clandestinely appropriating sensitive information to wanton destruction.
Apart from the concerns surrounding active content, simply surfing the Net leaves a trail of the user's activities in the browser's history. This may be used by web sites and installed programs to create an accurate report of the user's behavior and preferences. Although some people regard this as an invasion of privacy, it can be useful in supplying relevant content straight away, sparing the user the job of trying to find it.
Privacy is an issue which concerns not only browser users but also Web Masters and Network Administrators in the actual transmission of data via the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was created, security was not the principal consideration in its design. Both network and Internet transmissions should therefore not be thought of as automatically confidential. Whenever the browser on a local computer downloads a sensitive document from the remote Web server, or the browser user completes a form with confidential information and clicks the 'Submit' button, the transmitted data can be intercepted without authorization.