Website security checks

This 'website security checks' article is supplied by Web Site Security, where you can find more information about website security checks.

Examination of Website Security Issues



An unfortunate fact is that there are numerous ways in which web site security can be jeopardised. For example, security hazards lurk insidiously that might have an effect on Web servers and LANs (local area networks) on which Web sites are situated, even by the normal use of a Web browser.

Web Masters bear the brunt when managing the major threats. As soon as a Web server is installed at a site, a window is established in the local area network through which anyone on the Internet can peek. Certainly, most website visitors look at no more than what they're supposed to see, but a minority endeavor to find elements of the site which are not designed to be evident to the public. Iniquitous visitors wish to go further than just look; they attempt to undo the window and sneak through. The damage they may inflict might be mere vandalism, such as replacing the web site's home page with one of theirs that could say or show absolutely anything at all, or it might be larceny, such as appropriating a contacts or orders database.

It's difficult to escape the likelihood that complicated computer software includes bugs. Regardless of how systematically it is tested, you can find frequently a particular combination of events or user actions, even though it might transpire rarely, that leads to a fault. Software bugs give rise to flaws in system security. A Web server is complicated software which can very possibly include a security gap.

It's not only the intricacy of a Web server which can produce a glitch, but also its open architecture. Consider a CGI script as an illustration. A CGI script can be processed at the server in response to a remote call from a client. It might be a request from an application or even the click of a button in a browser. If the CGI script includes a bug, there will be a chance of a security breach.

Network Administrators also have to face problems from Web servers by reason of the threat they pose to the security of the local area network. Though there ought to be no unauthorized intrusions, right of entry must be granted to web site visitors. This means that access to the network should be regulated. The Administrator therefore has to perform a delicate balancing act. Even the most sturdy firewall may be breached if the Web server is configured poorly. By the same token, normal use of the website can be unattainable if the firewall is configured badly. Finding a perfect solution is even more tricky if an intranet is an element of the system. Normally, the Web server in that case needs to be configured to recognise and authenticate domains and user groups, which are likely to have differing permission levels and access rights.

Suggestion: For ideas concerning a detailed feature of website security, e.g. "website security checks", look for the full phrase on the Net.

The majority of people using a browser to surf the Net trust that they really are doing it secretly and securely. It is not correct. Web browsers are able to run autonomous software programs on the local computer which are resident on a web site. Modern browsers display a notice and request authorization to run such programs. Identified commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily inject a virus or other dangerous software on the browser user's machine. As soon as it is in the system it can cause all kinds of havoc and may be exceedingly stubborn to delete.

This is also a concern for Network Administrators. Web browsers present a route for potentially malicious software to seep through the local area network's firewall. As soon as it is in the network, the harm it might cause can stretch from stealthily appropriating sensitive data to motiveless destruction.

Aside from the concerns surrounding active content, merely browsing the Web records a trail of the user's activities in the browser's history. This might be utilized by web sites and installed programs to create an accurate report of the user's behaviour and interests. While this might be unacceptable as an invasion of privacy by some, it can be advantageous by supplying relevant content straight away, so unburdening the user of the job of looking for it.

Secrecy is an issue which worries not only browser users but also Web Masters and Network Administrators during the actual transmission of data by means of the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was formed, security wasn't the principal aspect of its design. Both network and Internet transmissions should therefore not be considered as essentially private. Each time the browser on a local computer downloads a sensitive document from the remote Web server, or the browser user fills out a form with confidential data and clicks the 'Submit' button, the transmitted data could be intercepted without consent.

To find out more about 'website security checks', visit website-security.biz.