Website security considerations

This 'website security considerations' article is supplied by Web Site Security, where you can find more information about website security considerations.

Web Site Security Concerns - An Understanding



Unfortunately, there are lots of ways in which website security can be compromised. For example, security hazards lurk insidiously which may have an effect on Web servers and LANs (local area networks) where Websites are hosted, even by the routine use of a Web browser.

Web Masters shoulder the responsibility when dealing with the gravest threats. As soon as a Web server is set up at a site, a porthole is constructed in the local area network through which anyone who is on the Internet can look. Of course, on the whole web site visitors see no more than what they're supposed to see, but a few of them make an effort to locate areas of the site which are not designed to be visible to the public. Pernicious visitors wish to do more than simply look; they make an attempt to open the window and slither through. The damage they could inflict might be mere vandalism, such as replacing the web site's home page with one of theirs which could say or put on view anything at all, or else it could be robbery, such as gaining possession of a customers or orders list.

It's difficult to avoid the probability that complex software includes bugs. No matter how scrupulously it's tested, there will be typically some pattern of events or user actions, even if it might be infrequent, which brings about a failure. Computer software bugs cause gaps in system security. A Web server is intricate software which can very probably include a security crack.

It's not just the intricacy of a Web server which may instigate a problem, but also its open architecture. Consider a CGI script as an illustration. A CGI script can be processed at the server in reply to a remote call from a client. This might be a request from a program or even the click of a button in a browser. If the CGI script has a bug, there will be a possibility of a security breach.

Network Administrators also have to tackle problems from Web servers because of the risk they pose to the security of the local area network. Whereas there must be no unauthorised incursions, admittance must be granted to web site visitors. This means that access to the network should be regulated. The Administrator therefore has to perform a delicate balancing act. Even the most sturdy firewall can be undermined if the Web server is configured badly. By the same token, normal use of the web site can be not viable if the firewall is configured poorly. Finding an ideal solution is still more difficult if an intranet is a constituent of the system. Usually, the Web server in that case has to be configured to distinguish and authenticate domains and user groups, which are liable to have varying permission levels and access privileges.

Suggestion: For ideas about a specialised view of website security, for example "website security considerations", search for the complete expression on the Internet.

Most of the people using a browser to surf the Web trust that they're doing so incognito and in safety. This is not correct. Web browsers can process autonomous software on the user's computer which are located on a website. Modern browsers display a warning and request permission to execute those programs. Known commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, might easily deposit a virus or other hazardous software on the browser user's PC. After it is in the system it can inflict all kinds of havoc and may be extremely hard to delete.

This is also a concern for Network Administrators. Web browsers offer a path for possibly malicious software to seep all the way through the local area network's firewall. Once it is in the system, the harm it can inflict can stretch from furtively stealing confidential information to gratuitous spoliation.

Apart from the matters to do with active content, just browsing the Net records a trail of the user's activities in the browser's history. This may be used by websites and installed software to establish a precise profile of the user's behaviour and preferences. Despite the fact that this may be unacceptable as an invasion of privacy by some, it can be useful by displaying applicable content instantaneously, so relieving the user of the chore of trying to find it.

Privacy is a topic that worries not just browser users but also Web Masters and Network Administrators for the duration of the actual transmission of data by means of the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was created, security was not the most essential feature of its design. Both network and Internet transmissions should therefore not be thought of as as essentially confidential. Each time the browser on a local machine downloads a private document from the remote Web server, or the browser user completes a form with private information and clicks the 'Submit' button, the transmitted data may be intercepted without consent.

To find out more about 'website security considerations', visit website-security.biz.