Website security breaches

This 'website security breaches' article is supplied by Web Site Security, where you can find more information about website security breaches.

Website Security Considerations - An Assessment



Alas, there are many ways in which web site security can be undermined. Security risks affect Web servers and the LANs (local area networks) where Web sites are located, and they arise even from the routine use of a Web browser.

Web Masters bear the brunt of the gravest threats. As soon as a Web server is set up at a site, a window is created in the local area network through which anyone on the Internet can peep. Of course, nearly all web site visitors look at no more than what they are meant to see, but some try to locate elements of the site that aren't supposed to be visible to the world. Malicious visitors intend to do more than just look; they try to open the window and steal through. The harm they inflict might be sheer vandalism, for example replacing the web site's home page with their own, which could say or display absolutely anything, or it might be larceny, such as gaining possession of a contacts or orders database.

It is hard to avoid the virtual certainty that complex software contains bugs. Regardless of how carefully it's tested, there is more often than not a certain pattern of events or user actions, uncommon though it may be, that causes a fault. Software bugs produce breaches in system security. A Web server is complicated software that may well contain a security defect.

It's not only the complexity of a Web server that can cause a problem, but also its open architecture. Consider a CGI script as an illustration. A CGI script is executed on the server in response to a remote request from a client. The request might come from an application or even from the click of a button in a browser. If the CGI script contains a bug, there could be a chance of a security violation.
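An added illustration of the kind of CGI bug described above (not from the original article): a script that maps a request parameter to a file under the document root, shown first with the bug and then hardened. The `page` parameter, the file names and the function names are assumptions made for this example.

```python
import os
import tempfile
from urllib.parse import parse_qs, urlencode

def requested_name(query_string):
    """Read the hypothetical 'page' parameter, as a CGI script reads QUERY_STRING."""
    values = parse_qs(query_string).get("page", [])
    return values[0] if values else ""

def resolve_unsafe(doc_root, query_string):
    """Buggy: trusts the client-supplied name and joins it to the document root."""
    return os.path.join(doc_root, requested_name(query_string))

def resolve_safe(doc_root, query_string):
    """Hardened: canonicalise the path and refuse anything outside doc_root."""
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, requested_name(query_string)))
    if os.path.commonpath([root, candidate]) != root or not os.path.isfile(candidate):
        return None  # the script should answer 404 and log the request
    return candidate

def demo():
    """Run both resolvers over constructed requests in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        doc_root = os.path.join(tmp, "htdocs")
        os.mkdir(doc_root)
        with open(os.path.join(doc_root, "index.html"), "w") as f:
            f.write("<h1>home</h1>")
        private = os.path.join(tmp, "orders.db")  # constructed file outside the web root
        with open(private, "w") as f:
            f.write("private")
        requests = [("normal", "page=index.html"),
                    ("escaping", "page=../orders.db"),
                    ("absolute", urlencode({"page": private}))]
        inside = os.path.realpath(doc_root) + os.sep
        results = {}
        for label, qs in requests:
            unsafe = os.path.realpath(resolve_unsafe(doc_root, qs))
            # (does the buggy path stay inside the root?, does the hardened one serve it?)
            results[label] = (unsafe.startswith(inside),
                              resolve_safe(doc_root, qs) is not None)
        return results

if __name__ == "__main__":
    for label, (unsafe_inside, safe_served) in demo().items():
        print(f"{label}: unsafe stays in root={unsafe_inside}, safe serves={safe_served}")
```

The hardened resolver also returns `None` for an empty or missing parameter, because the document root itself is a directory and not a file.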

Network Administrators also have to tackle problems from Web servers because of the threat they pose to the security of the local area network. Although there should be no unauthorised intrusions, right of entry must be granted to website visitors. This means that access to the network has to be regulated. The Administrator therefore has to perform a delicate balancing act. Even the sturdiest firewall can be compromised if the Web server is configured badly. Conversely, normal use of the website can become impossible if the firewall is configured poorly. Arriving at an ideal solution is still more difficult if an intranet is part of the system. Normally, the Web server in that case must be configured to recognise and validate domains and user groups, which are likely to have differing permission levels and access rights.

Nearly everybody using a browser to surf the Net trusts that they are doing so anonymously and in safety. It is not so. Web browsers can run self-contained programs on the user's computer that are hosted by a web site. Modern browsers display a warning and ask for authorisation before running such programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, can easily deposit a virus or other dangerous software on the browser user's computer. Once it is in the system, it can wreak all kinds of havoc and may be exceedingly tough to remove.

This is also a worry for Network Administrators. Web browsers provide a path for possibly malicious software to pass through the local area network's firewall. Once it is in the network, the damage it might inflict can range from secretly gaining possession of sensitive data to wanton destruction.

Besides the issues with active content, merely browsing the Internet leaves a trail of the user's activities in the browser's history. This could be used by web sites and installed programs to create a precise profile of the user's behavior and interests. Although some people may frown upon this as an invasion of privacy, it can be helpful by showing relevant subject matter straight away, relieving the user of the task of trying to find it.

Secrecy during the actual transmission of data via the Net is an issue that concerns not only browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was created, security was not the most crucial aspect of its design. Neither network nor Internet transmissions should therefore be thought of as automatically private. Any time the browser on a local computer downloads a private file from the remote Web server, or the browser user fills in a form with confidential information and clicks the 'Submit' button, the transmitted data can be intercepted without authorization.

To find out more about 'website security breaches', visit website-security.biz.