Website security legislation

This 'website security legislation' article is supplied by Web Site Security, where you can find more information about website security legislation.

Website Security Considerations - An Overview



An unfortunate fact is that there are many ways in which website security can be imperilled. Security hazards are ever present that have an effect on Web servers and LANs (local area networks) on which Web sites reside, even by the typical use of a Web browser.

Web Masters face the flak when handling the gravest challenges. As soon as a Web server is installed at a site, a window appears in the local area network through which anyone who is on the Internet can peek. Naturally, nearly all website visitors see no more than what they are meant to look at, but some try to unearth areas of the site that are not intended to be observable by the public. Iniquitous visitors want to go further than merely look; they attempt to undo the window and slip through. The harm they can cause might be sheer vandalism, for instance replacing the web site's home page with their own which could say or display absolutely anything at all, or it might be burglary, such as appropriating a customers or orders database.

It is difficult to elude the virtual certainty that intricate software has bugs. No matter how scrupulously it's tested, you can find usually a certain permutation of events or user actions, though it might arise seldom, that will cause a failure. Computer software bugs create breaches in system security. A Web server is complicated software that may very easily contain a security defect.

It is not only the intricacy of a Web server which can produce a glitch, but also its open architecture. Think about a CGI script as an illustration. A CGI script may be processed at the server in reply to a remote call from a client. This could be a request from an application or even the click of a button in a browser. If the CGI script has a bug, there may be a risk of a security breach.

Network Administrators also have to deal with problems from Web servers due to the danger they pose to the security of the local area network. Despite the fact that there should be no unauthorised intrusions, access must be given to web site visitors. This means that access to the network has to be controlled. The Administrator therefore needs to perform a delicate balancing act. Even the most robust firewall can be compromised if the Web server is configured badly. Bearing that in mind, normal use of the website may be not possible if the firewall is configured badly. Arriving at an ideal answer is still more complicated if an intranet is part of the system. Commonly, the Web server in that case needs to be configured to recognize and authenticate domains and user groups, which are apt to have differing permission levels and access privileges.

Hint: For advice regarding a certain view of web site security, e.g. "website security legislation", look for the full expression on the Internet.

Almost all people using a browser to surf the Internet suppose that they are doing it incognito and safely. It is not correct. Web browsers are able to execute self-contained software on the user's computer which are resident on a website. Modern browsers display a warning and ask consent to execute such programs. Described generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily install a virus or other dangerous software on the browser user's machine. Once it is in the system it can cause all kinds of catastrophe and may be extremely tricky to eliminate.

This is also a concern for Network Administrators. Web browsers afford a means for possibly malicious software to filter through the local area network's firewall. As soon as it is in the network, the harm it is able to cause can stretch from covertly stealing private information to motiveless spoliation.

Aside from the issues surrounding active content, simply browsing the Net leaves a trail of the user's activities in the browser's history. This may be utilized by websites and installed software programs to determine a precise profile of the user's behaviour and interests. While this might be thought of as an invasion of privacy by some, it can be useful by offering relevant content at once, so unburdening the user of the task of trying to find it.

Secrecy is an issue that concerns not just browser users but also Web Masters and Network Administrators for the duration of the actual transmission of data via the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was formed, security wasn't the most critical factor of its design. Both network and Internet transmissions should therefore not be considered as automatically confidential. Every time the browser on a local machine downloads a confidential file from the remote Web server, or the browser user completes a form with private information and clicks the 'Submit' button, the transmitted data might be intercepted without consent.

To find out more about 'website security legislation', visit website-security.biz.