Website security guidelines

This 'website security guidelines' article is supplied by Web Site Security, where you can find more information about website security guidelines.

An Evaluation of Website Security Concerns



An unfortunate fact is that there are several ways in which website security can be circumvented. For example, security threats can affect the Web servers and LANs (local area networks) on which websites are hosted, even through nothing more than the conventional use of a Web browser.

Web Masters are in the front line when managing the gravest risks. As soon as a Web server is set up at a site, a window is opened in the local area network through which anyone using the Internet can look. Naturally, most website visitors look at no more than what they are supposed to look at, but a small number attempt to locate elements of the site which are not supposed to be visible to the rest of the world. Dishonest visitors want to do more than look; they try to unlock the window and climb in. The harm they can cause might be sheer vandalism, such as replacing the website's home page with one of their own that might say or show absolutely anything, or it could be burglary, such as gaining possession of a customer or order list.

It is a virtual certainty that complex software includes bugs. No matter how meticulously it is tested, there is usually some pattern of events or user actions, however infrequent, that brings about a failure. Software bugs create flaws in system security. A Web server is intricate software that may very possibly contain a security hole.

It is not merely the complexity of a Web server that may produce a flaw, but also its open architecture. Take a CGI script as an illustration. A CGI script runs on the server in response to a remote call from a client. This might be a request from an application or even the click of a button in a browser. If the CGI script has a bug, there is a chance of a security violation.
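To make the CGI point concrete, the following added example (not code from the original article) shows one common kind of CGI bug, trusting a client-supplied file name, beside a checked version. The `doc` parameter, the function names and the file layout are all hypothetical and constructed for the illustration.

```python
import os
import tempfile
from urllib.parse import parse_qs

def requested_doc(environ):
    """Read the hypothetical 'doc' parameter from QUERY_STRING, as a CGI script would."""
    values = parse_qs(environ.get("QUERY_STRING", "")).get("doc", [])
    return values[0] if values else ""

def resolve_unchecked(doc_root, environ):
    """Buggy form: joins the client-supplied name directly, so the path can leave doc_root."""
    return os.path.realpath(os.path.join(doc_root, requested_doc(environ)))

def resolve_checked(doc_root, environ):
    """Hardened form: returns a path only for a regular file located inside doc_root."""
    root = os.path.realpath(doc_root)
    name = requested_doc(environ)
    if not name or "\x00" in name:
        return None
    # realpath collapses "..", symlinks and absolute names before the containment test.
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None

def demo():
    """Build a constructed site layout and run both resolvers against it."""
    base = tempfile.mkdtemp()
    doc_root = os.path.join(base, "public")
    os.mkdir(doc_root)
    samples = ((os.path.join(doc_root, "index.txt"), "welcome"),
               (os.path.join(base, "orders.txt"), "private"))  # outside doc_root
    for path, text in samples:
        with open(path, "w") as fh:
            fh.write(text)
    good = {"QUERY_STRING": "doc=index.txt"}      # constructed request
    bad = {"QUERY_STRING": "doc=../orders.txt"}   # constructed request
    inside = os.path.realpath(doc_root) + os.sep
    return {
        "unchecked_escapes": not resolve_unchecked(doc_root, bad).startswith(inside),
        "checked_good": resolve_checked(doc_root, good),
        "checked_bad": resolve_checked(doc_root, bad),
        "expected_good": os.path.realpath(os.path.join(doc_root, "index.txt")),
    }

if __name__ == "__main__":
    print(demo())
```

The checked resolver refuses the request rather than trying to clean the name up, which leaves less room for a second bug in the cleaning logic.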

Network Administrators also have to face problems from Web servers owing to the risk they pose to the security of the local area network. Although there should be no unauthorized intrusions, access must be granted to website visitors. This means that access to the network must be controlled. The Administrator therefore has to perform a delicate balancing act. Even the sturdiest firewall may be compromised if the Web server is configured badly. Conversely, normal use of the website can become impossible if the firewall is configured poorly. Arriving at a perfect solution is even more difficult if an intranet is part of the system. Typically, the Web server must then be configured to recognise and verify domains and user groups, which are likely to have varying permission levels and access rights.


Most people using a browser to surf the Internet assume that they are doing so privately and securely. This is not so. Web browsers can run programs on the client machine that are supplied by a website. Current browsers show a notice and ask permission to run such programs. Described generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, may easily leave a virus or other hazardous software on the browser user's computer. Once it is in the system, it can cause all kinds of damage and can be extremely tough to get rid of.

This is also a worry for Network Administrators. Web browsers present a route for potentially malicious software to pass through the local area network's firewall. Once it is in the network, the damage it can inflict can vary from furtively gaining possession of confidential data to wanton destruction.

Besides the problems to do with active content, merely surfing the Internet leaves a trail of the user's activities in the browser's history. This might be used by websites and installed software programs to build an accurate picture of the user's behavior and preferences. While some people might find this unacceptable as an invasion of privacy, it can also be useful, providing related content immediately and so relieving the user of the task of looking for it.

Confidentiality is a question which concerns not just browser users but also Web Masters and Network Administrators during the actual transmission of data over the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Net. When it was created, security was not the most essential factor in its design. Neither network nor Internet transmissions should therefore be considered automatically private. Any time the browser on a local machine downloads a private document from the remote Web server, or the browser user fills in a form with confidential data and clicks the 'Submit' button, the transmitted information could be intercepted without consent.

To find out more about 'website security guidelines', visit website-security.biz.