Website security laws

This 'website security laws' article is supplied by Web Site Security, where you can find more information about website security laws.

An Examination of Web Site Security Concerns



Unfortunately, there are many ways in which website security can be imperilled. Ever-present security risks can affect the Web servers and LANs (local area networks) where Web sites are hosted, and they can arise even from the ordinary use of a Web browser.

Web Masters shoulder the responsibility for handling the major risks. As soon as a Web server is installed at a site, a porthole opens in the local area network through which anyone using the Internet can look. Naturally, for the most part website visitors see only what they're supposed to see, but a small number attempt to discover elements of the site which aren't supposed to be visible to the rest of the world. Malicious visitors want to do more than look; they try to unbolt the window and creep through. The harm intruders can inflict might be sheer vandalism, such as replacing the website's home page with one of their own that might say or display absolutely anything, or it could be larceny, such as stealing a customer or order list.

It's hard to escape the likelihood that complex computer software contains bugs. Regardless of how thoroughly it's tested, there is frequently a certain pattern of events or user actions, however rare, which will cause a fault. Software bugs produce breaches in system security. A Web server is complex software which can quite possibly include a security weakness.

It's not only the complexity of a Web server that may cause a problem, but also its open architecture. Consider a CGI script as an illustration. A CGI script may be executed at the server in answer to a remote request from a client. This might be a request from a program or even the click of a button in a browser. If the CGI script has a bug, there is a danger of a security violation.
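As an added illustration (not code from the original article), the Python sketch below shows one assumed kind of CGI bug, a handler that builds a file path from the request's query string, beside a hardened form. The "page" parameter, the document-root layout and all function names are hypothetical.

```python
import os
from urllib.parse import parse_qs


def requested_page(query_string):
    """Extract the hypothetical 'page' parameter from a CGI QUERY_STRING."""
    return parse_qs(query_string).get("page", ["index.html"])[0]


def resolve_naive(doc_root, query_string):
    """Buggy form: trusts the client-supplied name when building the path."""
    return os.path.normpath(os.path.join(doc_root, requested_page(query_string)))


def resolve_checked(doc_root, query_string):
    """Hardened form: returns a file path inside doc_root, or None to refuse."""
    page = requested_page(query_string)
    if "\x00" in page:  # a decoded %00 would make the path calls raise
        return None
    root = os.path.realpath(doc_root)
    # realpath collapses ".." and follows symlinks before the containment test;
    # an absolute 'page' replaces root in the join and fails the same test.
    candidate = os.path.realpath(os.path.join(root, page))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def handle_request(doc_root, environ):
    """CGI-style handler: returns (status, body) for a GET request."""
    path = resolve_checked(doc_root, environ.get("QUERY_STRING", ""))
    if path is None:
        return "404 Not Found", b""
    with open(path, "rb") as fh:
        return "200 OK", fh.read()
```

The refusal returns the same status as a missing file, so the response does not reveal whether a path outside the document root exists.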

Network Administrators also have to tackle problems from Web servers because of the threat they pose to the security of the local area network. Although there should be no unauthorized incursions, admittance must be granted to website visitors. This means that access to the network has to be controlled. The Administrator therefore has to perform a delicate balancing act. Even the sturdiest firewall may be compromised if the Web server is configured badly. Conversely, normal use of the website may not be possible if the firewall is configured poorly. Arriving at a perfect solution is still more complicated if an intranet is a constituent of the system. Typically, the Web server in that case needs to be configured to identify and authenticate domains and user groups, which are likely to have differing permission levels and access rights.

Most people using a browser to surf the Internet suppose that they're doing it anonymously and securely. That is not correct. Web browsers can run autonomous programs on the user's machine that are located on a website. Modern browsers display a caution and ask for authorization to run such programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, may easily deposit a virus or other dangerous software on the browser user's PC. Once it is in the system it can wreak all kinds of damage and can be extremely hard to delete.

This is also a worry for Network Administrators. Web browsers offer a path for potentially malicious software to filter through the local area network's firewall. Once it is in the network, the damage it might cause can range from furtively appropriating sensitive data to meaningless demolition.

Besides the problems to do with active content, simply browsing the Web leaves a trail of the user's activities in the browser's history. This may be used by websites and installed programs to build a precise report of the user's behaviour and preferences. Though this might be frowned upon by some as an invasion of privacy, it can be genuinely useful by offering appropriate content straight away, so relieving the user of the task of trying to find it.

Privacy during the actual transmission of information over the Web is an issue that worries not just browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was designed, security wasn't the most important feature of its design. Both network and Internet transmissions should therefore not be considered automatically confidential. Every time the browser on a local computer downloads a private file from the remote Web server, or the browser user completes a form with confidential data and clicks the 'Submit' button, the transmitted information may be intercepted without consent.
