Website security document

This 'website security document' article is supplied by Web Site Security, where you can find more information about website security document.

Examination of Web Site Security Considerations



It is unfortunate, but there are various ways in which website security can be jeopardised. For example, security hazards lurk insidiously that affect Web servers and LANs (local area networks) where Web sites reside, even by the conventional use of a Web browser.

Web Masters face the flak when coping with the gravest challenges. As soon as a Web server is installed at a site, a porthole comes into being in the local area network through which anyone using the Internet can peep. Certainly, for the most part web site visitors see no more than what they are meant to look at, but a minority make an effort to find areas of the site that are not supposed to be perceptible to the public. Dishonest visitors wish to go further than merely look; they make an attempt to unbolt the window and slip through. The damage they can cause might be sheer vandalism, such as changing the web site's home page with theirs which could say or display anything at all, or else it could be robbery, such as appropriating a customers or sales database.

It's hard to evade the probability that complicated computer software includes bugs. No matter how thoroughly it is tested, there will be typically a certain permutation of events or user actions, though it might crop up hardly ever, which causes an error. Software bugs create holes in system security. A Web server is complicated software which can very likely contain a security crack.

It is not only the complexity of a Web server which may cause a problem, but also its open architecture. Think about a CGI script as an example. A CGI script may be run at the server in answer to a remote request from a client. This could be a request from a program or even the click of a button in a browser. If the CGI script has a bug, there may be a possibility of a security breach.

Network Administrators also have to deal with problems from Web servers by reason of the risk they pose to the security of the local area network. Although there should be no unauthorized intrusions, access must be granted to website visitors. This means that access to the network should be regulated. The Administrator therefore has to perform a delicate balancing act. Even the most robust firewall can be undermined if the Web server is configured poorly. By the same token, normal use of the website can be unattainable if the firewall is configured badly. Attaining a model answer is yet more complicated if an intranet forms part of the system. Normally, the Web server in that case needs to be configured to identify and verify domains and user groups, which are apt to have varying permission levels and access privileges.

Hint: For advice as regards a special aspect of web site security, such as "website security document", search for the full expression on the Web.

Almost all people using a browser to surf the Internet believe that they are doing it anonymously and in safety. This is not correct. Web browsers are able to execute self-contained software on the local machine which are resident on a website. Current browsers show a caution and request permission to execute these kinds of programs. Identified commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily install a virus or other dangerous software on the browser user's computer. Once it's in the system it can cause all kinds of damage and can be extremely problematical to delete.

This is also a worry for Network Administrators. Web browsers present a path for potentially malicious software to permeate all the way through the local area network's firewall. As soon as it is in the system, the harm it might cause can vary from surreptitiously stealing sensitive information to wanton demolition.

Besides the concerns to do with active content, just surfing the Net leaves a trail of the user's activities in the browser's history. This could be used by web sites and installed software programs to create an accurate profile of the user's behaviour and interests. Whereas this might be considered an invasion of privacy by some people, it can be useful by displaying related content directly, thus unburdening the user of the chore of trying to find it.

Confidentiality is a subject that concerns not just browser users but also Web Masters and Network Administrators during the actual transmission of data by means of the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was created, security was not the principal aspect of its blueprint. Both network and Internet transmissions should therefore not be considered as essentially private. Each time the browser on a local computer downloads a sensitive file from the remote Web server, or the browser user fills out a form with confidential data and clicks the 'Submit' button, the transmitted data could be intercepted without authorization.

To find out more about 'website security document', visit website-security.biz.