Website security checklist

This 'website security checklist' article is supplied by Web Site Security, where you can find more information about website security checklist.

An Assessment of Website Security Considerations



Alas, there are various ways in which website security can be compromised. For example, security risks exist that affect Web servers and LANs (local area networks) on which Web sites reside, even by the natural use of a Web browser.

Web Masters shoulder the responsibility when managing the gravest risks. As soon as a Web server is installed at a site, a porthole is made in the local area network through which anyone who's on the Internet can peer. Obviously, on the whole web site visitors look at no more than what they are meant to see, but some attempt to locate elements of the site which are not designed to be observable by the public. Dishonest visitors intend to go further than merely look; they try to unbolt the window and slither in. The damage they could cause might be sheer vandalism, such as changing the website's home page with theirs that might say or display absolutely anything at all, or it might be larceny, like gaining possession of a customers or orders list.

It is difficult to avoid the likelihood that complex software contains bugs. Regardless of how methodically it is tested, there is typically a certain permutation of events or user actions, even if it may crop up infrequently, which brings about a failure. Computer software bugs create gaps in system security. A Web server is complex software which can quite possibly include a security hole.

It is not only the intricacy of a Web server which can create a glitch, but also its open architecture. Consider a CGI script as an illustration. A CGI script can be run at the server in reply to a remote request from a client. It could be a request from a program or even the click of a button in a browser. If the CGI script includes a bug, there could be a chance of a security violation.

Network Administrators also have to face problems from Web servers due to the risk they pose to the security of the local area network. Despite the fact that there must be no unauthorized intrusions, admittance must be given to website visitors. This means that access to the network has to be controlled. The Administrator therefore needs to perform a delicate balancing act. Even the most robust firewall can be undermined if the Web server is configured poorly. Concomitant with this constraint, normal use of the website may be not viable if the firewall is configured poorly. Reaching an ideal solution is yet more difficult if an intranet forms a constituent of the system. Commonly, the Web server in that case must be configured to recognize and authenticate domains and user groups, which are likely to have varying permission levels and access privileges.

Suggestion: For ideas as regards a special viewpoint of website security, such as "website security checklist", look for the full phrase on the Internet.

Almost all people using a browser to surf the Web suppose that they are doing it anonymously and safely. This is not correct. Web browsers are able to run autonomous programs on the local machine that are hosted by a web site. Modern browsers show a warning and ask authorization to run these kinds of programs. Well-known commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, might easily inject a virus or other hazardous software on the browser user's machine. Once it's in the system it can cause all kinds of havoc and may be very problematical to remove.

This is also a worry for Network Administrators. Web browsers make available a path for potentially malicious software to filter all the way through the local area network's firewall. Once it is in the system, the harm it may inflict can stretch from surreptitiously appropriating private data to wilful demolition.

Besides the problems in re active content, just browsing the Internet records a trail of the user's activities in the browser's history. This may be utilised by web sites and installed software programs to ascertain a precise report of the user's behavior and interests. Whereas this may be thought of as an invasion of privacy by some, it can be positively effective by offering related content instantaneously, so relieving the user of the job of trying to find it.

Confidentiality is a topic which concerns not only browser users but also Web Masters and Network Administrators in the actual transmission of data via the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was formed, security wasn't the principal aspect of its blueprint. Both network and Internet transmissions should therefore not be considered as essentially confidential. Any time the browser on a local machine downloads a private document from the remote Web server, or the browser user fills in a form with personal information and clicks the 'Submit' button, the transmitted information could be intercepted without consent.

To find out more about 'website security checklist', visit website-security.biz.