Website security design

This 'website security design' article is supplied by Web Site Security, where you can find more information about website security design.

Web Site Security Issues - An Overview



Unfortunately, there are various ways in which web site security can be adversely affected. Security hazards exist that have an effect on Web servers and LANs (local area networks) on which Websites are situated, even by the regular use of a Web browser.

Web Masters bear the brunt when handling the most dangerous threats. As soon as a Web server is set up at a site, a window is made in the local area network through which anyone who's on the Internet can peep. Obviously, most website visitors look at only what they are meant to see, but a minority endeavor to discover parts of the site which are not supposed to be detectable by the rest of the world. Unscrupulous visitors desire to do other than merely look; they endeavour to unfasten the window and sneak in. The damage intruders may inflict might be sheer vandalism, such as substituting the web site's home page with one of theirs which might say or put on view anything, or it might be theft, such as stealing a customers or sales list.

It is difficult to evade the probability that complicated software includes bugs. No matter how methodically it is tested, there is usually a certain order of events or user actions, even if it might come about on the odd occasion, which brings about an error. Software bugs create gaps in system security. A Web server is involved software that can quite possibly contain a security gap.

It's not just the complexity of a Web server that can trigger a glitch, but also its open architecture. Think about a CGI script as a case in point. A CGI script can be executed at the server in response to a remote call from a client. It might be a request from an application or even the click of a button in a browser. If the CGI script contains a bug, there is a chance of a security breach.

Network Administrators also have to confront problems from Web servers due to the risk they pose to the security of the local area network. Although there should be no unauthorized incursions, admission has to be granted to web site visitors. This means that access to the network has to be regulated. The Administrator therefore needs to perform a delicate balancing act. Even the most robust firewall may be undermined if the Web server is configured badly. By the same token, normal use of the website may be not viable if the firewall is configured badly. Finding a model solution is still more difficult if an intranet forms part of the system. Commonly, the Web server in that case must be configured to identify and verify domains and user groups, which are apt to have varying permission levels and access rights.

Hint: For ideas regarding a detailed feature of web site security, like "website security design", look for the full expression on the Internet.

Nearly everybody using a browser to surf the Net believe that they really are doing so in secret and in safety. This is not so. Web browsers are able to execute self-contained software on the user's computer which are located on a web site. Modern browsers display a caution and request authorisation to run such programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, can easily inject a virus or other hazardous software on the browser user's computer. After it is in the system it can cause all kinds of damage and can be exceedingly awkward to delete.

This is also a concern for Network Administrators. Web browsers provide a path for potentially malicious software to permeate through the local area network's firewall. After it is in the network, the harm it might inflict can stretch from clandestinely stealing private information to motiveless demolition.

Besides the concerns in re active content, just browsing the Web records a trail of the user's activities in the browser's history. This may be utilised by web sites and installed software programs to determine an exact report of the user's behaviour and preferences. Although this might be frowned upon as an invasion of privacy by some, it can be useful by showing germane content without delay, thus relieving the user of the chore of looking for it.

Privacy is a subject which concerns not just browser users but also Web Masters and Network Administrators during the actual transmission of data by means of the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was created, security was not the most important feature of its design. Both network and Internet transmissions should therefore not be thought of as as necessarily confidential. When the browser on a local computer downloads a private file from the remote Web server, or the browser user fills in a form with private data and clicks the 'Submit' button, the transmitted data might be intercepted without consent.

To find out more about 'website security design', visit website-security.biz.