Website security issues

This 'website security issues' article is supplied by Web Site Security, where you can find more information about website security issues.

An Assessment of Web Site Security Issues



Unfortunately, there are several ways in which web site security can be jeopardized. Risks affect the Web servers and the LANs (local area networks) on which Web sites reside, and they arise even from the conventional use of a Web browser.

Web Masters face the most serious risks. As soon as a Web server is set up at a site, a window opens in the local area network through which anyone on the Internet can peer. Nearly all web site visitors look at no more than what they are meant to see, but a few attempt to locate areas of the site that are not supposed to be visible to the rest of the world. Malicious visitors mean to go further than just look; they try to unlock the window and climb in. The damage they inflict might be mere vandalism, like replacing the website's home page with their own, which might say or show anything at all, or it could be theft, like gaining possession of a customer or sales database.

It is difficult to escape the virtual certainty that complicated computer software has bugs. Regardless of how carefully it is tested, there is frequently some pattern of events or user actions, however infrequent, that leads to an error. Software bugs create breaches in system security. A Web server is complex software that may quite possibly include a security gap.

It is not just the complexity of a Web server that can cause a problem, but also its open architecture. Take a CGI script as an illustration. A CGI script may be run at the server in response to a remote call from a client. The call could be a request from a program or even the click of a button in a browser. If the CGI script includes a bug, there is a chance of a security violation.
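One constructed instance of such a CGI bug, shown beside its hardened form, is given here as an added example that is not part of the original article. The `page` parameter, the file names and all function names are hypothetical.

```python
import os
import tempfile
from urllib.parse import parse_qs

def requested_page(query_string):
    # A real CGI script reads this from os.environ["QUERY_STRING"].
    return parse_qs(query_string).get("page", ["index.html"])[0]

def resolve_unsafe(doc_root, query_string):
    """Buggy: trusts 'page', so '../' segments climb out of doc_root."""
    return os.path.normpath(os.path.join(doc_root, requested_page(query_string)))

def resolve_safe(doc_root, query_string):
    """Hardened: canonicalise first, then require the result inside doc_root."""
    root = os.path.realpath(doc_root)
    target = os.path.realpath(os.path.join(root, requested_page(query_string)))
    if os.path.commonpath([root, target]) != root:
        return None
    return target

def handle(doc_root, query_string):
    """Return (status, body) as the hardened script would emit them."""
    path = resolve_safe(doc_root, query_string)
    if path is None:
        return "403 Forbidden", ""
    if not os.path.isfile(path):
        return "404 Not Found", ""
    with open(path, encoding="utf-8") as fh:
        return "200 OK", fh.read()

def demo():
    # Constructed layout: a public docs directory beside a private file.
    base = tempfile.mkdtemp()
    docs = os.path.join(base, "docs")
    os.mkdir(docs)
    for path, text in ((os.path.join(docs, "index.html"), "public page"),
                       (os.path.join(base, "customers.db"), "private data")):
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    private = os.path.join(base, "customers.db")
    return {
        "unsafe_escapes": resolve_unsafe(docs, "page=../customers.db") == private,
        "safe_escape": handle(docs, "page=../customers.db"),
        "safe_normal": handle(docs, "page=index.html"),
    }

if __name__ == "__main__":
    print(demo())
```

The hardened resolver compares canonical paths, so symbolic links and absolute paths in the parameter are rejected by the same check as `../` segments.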

Network Administrators also have to deal with problems from Web servers because of the danger they pose to the security of the local area network. While there ought to be no unauthorised incursions, admittance has to be granted to web site visitors. This means that access to the network should be controlled. The Administrator therefore has to perform a delicate balancing act. Even the most robust firewall may be undermined if the Web server is configured poorly. Conversely, normal use of the web site may be impossible if the firewall is configured badly. Reaching an ideal solution is more difficult still if an intranet is part of the system. Typically, the Web server then needs to be configured to identify and validate domains and user groups, which are likely to have differing permission levels and access privileges.


Nearly all people using a browser to surf the Net suppose that they are doing so anonymously and safely. It is not so. Web browsers may run, on the client computer, self-contained programs that are hosted on a website. Modern browsers display a caution and ask permission to run these kinds of programs. Generally known as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, can easily install a virus or other hazardous software on the browser user's computer. Once it is in the system it can inflict all kinds of damage and can be extremely tough to get rid of.

This is also a worry for Network Administrators. Web browsers afford a way for potentially malicious software to pass all the way through the local area network's firewall. Once it is in the system, the damage it may cause can range from surreptitiously appropriating confidential information to wanton destruction.

Aside from the issues regarding active content, simply browsing the Net records a trail of the user's activities in the browser's history. This can be used by web sites and installed software to create an exact report of the user's behaviour and preferences. Although some may consider this an invasion of privacy, it can be useful, since related subject matter can be displayed straight away, sparing the user the chore of trying to find it.

Confidentiality is a concern not only for browser users but also for Web Masters and Network Administrators while data is actually in transit across the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was formed, security was not the principal aspect of its design. Both network and Internet transmissions should therefore not be thought of as essentially private. Every time the browser on a local PC downloads a sensitive document from the remote Web server, or the browser user completes a form with confidential data and clicks the 'Submit' button, the transmitted information can be intercepted without consent.

To find out more about 'website security issues', visit website-security.biz.