Website security guide

This 'website security guide' article is supplied by Web Site Security, where you can find more information about website security guide.

Examining Website Security Concerns



Alas, there are various ways in which website security can be circumvented. For example, security risks can affect the Web servers, and the LANs (local area networks) on which websites reside, even through the normal use of a Web browser.

Web Masters face the gravest threats. As soon as a Web server is installed at a site, a window is opened in the local area network through which anyone on the Internet can peek. On the whole, website visitors look at no more than what they are meant to see, but a number of them make an effort to uncover parts of the site which are not intended to be visible to the public. Malicious visitors want to do more than just look; they try to unfasten the window and creep through it. The harm intruders cause might be sheer vandalism, such as replacing the website's home page with one of their own which could say or display absolutely anything, or it could be theft, such as stealing a customer or order list.

Complicated computer software is likely to contain bugs. No matter how comprehensively it is tested, there is frequently a particular order of events or user actions, even if it arises only once in a blue moon, which brings about a failure. Software bugs cause gaps in system security. A Web server is complicated software which may quite easily include a security defect.

It is not only the complexity of a Web server which can create a weakness, but also its open architecture. Take a CGI script as an example. A CGI script is run on the server in answer to a remote call from a client. That call could be a request from an application or simply the click of a button in a browser. If the CGI script contains a bug, there is a possibility of a security violation.
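As an illustration of the CGI point above, the following added example (not code from the original article) shows one common kind of CGI bug, a client-supplied file name used without a check, beside a checked version. The `page` parameter, the `htdocs` directory and the sample query strings are assumptions constructed for the demonstration.

```python
import os
import tempfile
from urllib.parse import parse_qs

# Constructed sample query strings, as a server would pass them in QUERY_STRING.
SAMPLE_QUERIES = [
    "page=about.html",                  # ordinary visitor request
    "page=../orders.csv",               # relative path that climbs out of the root
    "page=/srv/private/customers.txt",  # absolute path that ignores the root
]

def requested_page(environ):
    """Return the client-supplied 'page' parameter (hypothetical name)."""
    values = parse_qs(environ.get("QUERY_STRING", "")).get("page")
    return values[0] if values else "index.html"

def resolve_buggy(doc_root, environ):
    """The bug: client text is joined to the path with no check at all."""
    return os.path.normpath(os.path.join(doc_root, requested_page(environ)))

def resolve_checked(doc_root, environ):
    """Resolve the path fully, then refuse anything outside doc_root."""
    root = os.path.realpath(doc_root)
    target = os.path.realpath(os.path.join(root, requested_page(environ)))
    if os.path.commonpath([root, target]) != root:
        return None  # the script should answer with an error page instead
    return target

def demo():
    """Map each sample query to (buggy path stays inside root, checked accepts)."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.realpath(os.path.join(base, "htdocs"))
        os.mkdir(root)
        results = {}
        for query in SAMPLE_QUERIES:
            env = {"QUERY_STRING": query}
            inside = resolve_buggy(root, env).startswith(root + os.sep)
            accepted = resolve_checked(root, env) is not None
            results[query] = (inside, accepted)
        return results

if __name__ == "__main__":
    for query, (inside, accepted) in demo().items():
        print(f"{query!r}: buggy stays inside root={inside}, checked accepts={accepted}")
```

Only the first request resolves inside the document root; the checked version returns `None` for the other two, while the buggy version hands back a path outside the site.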

Network Administrators also face problems from Web servers because of the risk they pose to the security of the local area network. Though there should be no unauthorized intrusions, access must be given to website visitors. This means that access to the network has to be regulated, and the Administrator must perform a delicate balancing act. Even the most robust firewall can be compromised if the Web server is configured badly. Conversely, normal use of the website may be impossible if the firewall is configured poorly. Finding an ideal solution is more complicated still if an intranet is part of the system. Usually, the Web server then needs to be configured to recognize and verify domains and user groups, which are likely to have differing permission levels and access rights.


Almost everyone using a browser to surf the Net believes that they are doing so privately and securely. This is not correct. Web browsers may run autonomous programs on the client computer that are hosted by a website. Current browsers display a warning and ask for authorisation to run those programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily install a virus or other dangerous software on the browser user's machine. Once it is in the system, it can cause all kinds of damage and may be very awkward to remove.

This is also a concern for Network Administrators. Web browsers present a path for potentially malicious software to seep through the local area network's firewall. Once it is in the system, the damage it could inflict can range from secretly obtaining confidential information to senseless destruction.

Apart from the concerns regarding active content, merely browsing the Web leaves a trail of the user's activities in the browser's history. This can be used by websites and installed software programs to establish an accurate profile of the user's behaviour and interests. While some people may regard this as an unacceptable invasion of privacy, it can be useful in displaying relevant content right away, thus relieving the user of the chore of looking for it.

Confidentiality during the actual transmission of data over the Web is a topic which concerns not only browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was designed, security was not the principal feature of its design. Network and Internet transmissions should therefore not be thought of as necessarily private. Each time the browser on a local computer downloads a private document from the remote Web server, or the browser user fills out a form with personal data and clicks the 'Submit' button, the transmitted information can be intercepted without consent.
