Website security faq
This 'website security faq' article is supplied by Web Site Security, where you can find more information about website security faq.
Web Site Security Concerns - An Assessment
It is unfortunate, but there are many ways in which web site security can be undermined. For example, there are ever-present security dangers that affect Web servers and the LANs (local area networks) where Web sites are hosted, and even the ordinary use of a Web browser carries risk.
Web Masters shoulder the responsibility for coping with the critical risks. As soon as a Web server is installed at a site, a window is created in the local area network through which anyone who is on the Internet can peek. Of course, for the most part website visitors look at only what they are meant to look at, but a small number of them make an effort to unearth elements of the site that aren't supposed to be visible to the public. Malicious visitors wish to do more than simply look; they endeavour to unlock the window and creep in. The harm they could cause might be sheer vandalism, like replacing the web site's home page with one of theirs that could say or show anything at all, or else it might be burglary, such as appropriating a customer or sales database.
It is hard to avoid the virtual certainty that complex computer software contains bugs. Regardless of how carefully it's tested, there is as a rule some sequence of events or user actions, however rarely it might take place, that creates a fault. Software bugs produce flaws in system security. A Web server is complex software that may very probably contain a security hole.
It's not just the complexity of a Web server which can trigger a problem, but also its open architecture. Consider a CGI script as an example. A CGI script may be executed at the server in response to a remote call from a client. This might be a request from an application or even the click of a button in a browser. If the CGI script has a bug, there could be a risk of a security breach.
Network Administrators also have to tackle problems from Web servers because of the danger they pose to the security of the local area network. While there should be no unauthorised intrusions, access has to be granted to website visitors. This means that access to the network must be controlled. The Administrator therefore has to perform a delicate balancing act. Even the most robust firewall may be breached if the Web server is configured poorly. Conversely, normal use of the web site can become impossible if the firewall is configured poorly. Finding a perfect answer is even more difficult if an intranet exists as a constituent of the system. Normally, the Web server then needs to be configured to identify and authenticate domains and user groups, which are liable to have varying permission levels and access rights.
The majority of people using a browser to surf the Net think that they are doing it incognito and in safety. This is not so. Web browsers are able to run, on the user's computer, autonomous programs that are located on a web site. Current browsers display a warning and ask for authorization to run such programs. Generally known as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily install a virus or other hazardous software on the browser user's PC. Once it is in the system it can wreak all kinds of damage and can be extremely difficult to get rid of.
This is also a worry for Network Administrators. Web browsers offer a way for potentially malicious software to seep all the way through the local area network's firewall. Once it is in the system, the damage it may cause can extend from furtively gaining possession of sensitive data to wanton destruction.
Aside from the matters regarding active content, simply surfing the Web records a trail of the user's activities in the browser's history. This might be utilised by websites and installed software programs to determine an exact profile of the user's behaviour and interests. While this may be frowned upon as an invasion of privacy by some people, it can be advantageous by offering appropriate content instantaneously, thus unburdening the user of the task of trying to find it.
Confidentiality is a topic which concerns not only browser users but also Web Masters and Network Administrators in the actual transmission of data via the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was created, security wasn't the most significant feature of its design. Neither network nor Internet transmissions should therefore be considered automatically confidential. Any time the browser on a local PC downloads a private file from the remote Web server, or the browser user fills out a form with confidential data and clicks the 'Submit' button, the transmitted data might be intercepted without authorisation.