Website security education

This 'website security education' article is supplied by Web Site Security, where you can find more information about website security education.

Understanding Web Site Security Considerations



Unfortunately, there are numerous ways in which website security can be circumvented. Security risks affect the Web servers and LANs (local area networks) where Web sites are hosted, and some of them arise even from the routine use of a Web browser.

Web Masters shoulder the responsibility for coping with the major risks. As soon as a Web server is installed at a site, a window opens in the local area network through which anyone using the Internet can look. Naturally, nearly all web site visitors look only at what they are meant to look at, but a small number try to uncover parts of the site that are not meant to be visible to the world. Malicious visitors want to do more than merely look; they try to open the window and slither in. The damage intruders inflict might be sheer vandalism, for example replacing the website's home page with one of their own that might say or display anything at all, or it might be burglary, such as stealing a customer or sales database.

It is hard to escape the likelihood that complex computer software has bugs. However methodically it is tested, there will generally be some combination of events or user actions, even if it hardly ever occurs, that causes a failure. Software bugs create flaws in system security. A Web server is complicated software that can very probably contain a security gap.

It is not merely the complexity of a Web server that may cause a problem, but also its open architecture. Consider a CGI script as an example. A CGI script is run on the server in response to a remote call from a client. The call could be a request from a program or simply the click of a button in a browser. If the CGI script contains a bug, there is a risk of a security violation.
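The article does not say which kind of bug it has in mind, so this added example (not part of the original article) assumes one common case: a CGI-style script that maps a request parameter to a file without checking where the resulting path lands, shown beside a hardened version. The handler names, the `page` parameter and the file layout are constructed for illustration.

```python
import tempfile
from pathlib import Path
from urllib.parse import parse_qs

def requested_page(environ):
    """Read the 'page' parameter as a CGI script does: from QUERY_STRING."""
    query = parse_qs(environ.get("QUERY_STRING", ""))
    return query.get("page", ["index.txt"])[0]

def serve_buggy(environ, doc_root):
    # Bug: the client-supplied name is joined to the directory unchecked,
    # so a name containing "../" is read from outside doc_root.
    return (Path(doc_root) / requested_page(environ)).read_text()

def serve_hardened(environ, doc_root):
    root = Path(doc_root).resolve()
    target = (root / requested_page(environ)).resolve()
    # Refuse anything that resolves outside the published directory.
    if root not in target.parents or not target.is_file():
        return None
    return target.read_text()

def demo():
    """Run both handlers against a constructed site layout."""
    with tempfile.TemporaryDirectory() as base:
        doc_root = Path(base) / "public"
        doc_root.mkdir()
        (doc_root / "index.txt").write_text("welcome")
        # Constructed private file stored next to, not inside, the web root.
        (Path(base) / "customers.db").write_text("private records")
        normal = {"QUERY_STRING": "page=index.txt"}
        escaping = {"QUERY_STRING": "page=../customers.db"}
        return {
            "buggy_normal": serve_buggy(normal, doc_root),
            "buggy_escaping": serve_buggy(escaping, doc_root),
            "hardened_normal": serve_hardened(normal, doc_root),
            "hardened_escaping": serve_hardened(escaping, doc_root),
        }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

Both handlers answer the ordinary request identically; only the hardened one refuses the request whose path resolves outside the published directory.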

Network Administrators also have to deal with problems from Web servers because of the danger they pose to the security of the local area network. While there should be no unauthorised intrusions, access must still be given to web site visitors. This means that access to the network has to be controlled, and the Administrator has to perform a delicate balancing act. Even the sturdiest firewall can be breached if the Web server is configured badly. Conversely, normal use of the web site can be impossible if the firewall is configured poorly. Finding the right balance is even trickier if an intranet is part of the system. In that case the Web server commonly needs to be configured to recognise and validate domains and user groups, which are apt to have varying permission levels and access privileges.


Almost everyone who uses a browser to surf the Internet trusts that they are doing so privately and safely. That is not the case. Web browsers can run self-contained programs, supplied by a website, on the local machine. Current browsers display a warning and ask for authorisation before executing those programs. Commonly known as "active content" (for example, ActiveX controls or Java applets), these programs, if malicious, can easily deposit a virus or other dangerous software on the browser user's machine. Once it is in the system, it can wreak all kinds of damage and can be exceedingly difficult to remove.

This is also a worry for Network Administrators. Web browsers give potentially malicious software a way to pass through the local area network's firewall. Once it is in the system, the harm it can cause ranges from stealthily stealing sensitive information to wanton destruction.

Apart from the issues with active content, simply browsing the Internet leaves a trail of the user's activities in the browser's history. Web sites and installed software can use it to build a precise profile of the user's behaviour and preferences. Although some people consider this an invasion of privacy, it can be useful: relevant content can be offered straight away, relieving the user of the chore of looking for it.

Privacy in the actual transmission of information over the Web is a matter that worries not only browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was created, security was not the foremost consideration in its design. Neither network nor Internet transmissions should therefore be considered automatically private. When the browser on a local PC downloads a sensitive file from the remote Web server, or the browser user completes a form with confidential information and clicks the 'Submit' button, the transmitted data may be intercepted without authorisation.

To find out more about 'website security education', visit website-security.biz.