Website security mechanisms

This 'website security mechanisms' article is supplied by Web Site Security, where you can find more information about website security mechanisms.

Web Site Security Considerations - An Evaluation



It is unfortunate, but there are a lot of ways in which website security can be imperilled. For example, security hazards exist which could affect Web servers and LANs (local area networks) where Web sites reside, even by the conventional use of a Web browser.

Web Masters shoulder the responsibility when coping with the gravest risks. As soon as a Web server is set up at a site, a window is created in the local area network through which anyone who's using the Internet can peer. Certainly, on the whole web site visitors look at only what they are supposed to look at, but some endeavor to find parts of the site which are not intended to be visible to the rest of the world. Dishonest visitors would like to go further than only look; they endeavour to unlock the window and creep through. The harm intruders may cause might be mere vandalism, for example replacing the website's home page with theirs which could say or put on view absolutely anything, or it could be theft, such as appropriating a contacts or orders list.

It is difficult to evade the likelihood that complex computer software includes bugs. Regardless of how systematically it is tested, you can find frequently some permutation of events or user actions, even if it might appear infrequently, which will cause a fault. Computer software bugs give rise to flaws in system security. A Web server is intricate software that may quite easily contain a security defect.

It is not just the complexity of a Web server that can trigger a glitch, but also its open architecture. Consider a CGI script as an example. A CGI script may be run at the server in response to a remote request from a client. It could be a request from a program or even the click of a button in a browser. If the CGI script includes a bug, there is a possibility of a security violation.

Network Administrators also have to deal with problems from Web servers because of the risk they pose to the security of the local area network. While there should be no unauthorised intrusions, admittance has to be given to website visitors. This means that access to the network must be controlled. The Administrator therefore has to perform a delicate balancing act. Even the most robust firewall can be breached if the Web server is configured badly. Concomitant with this constraint, normal use of the web site can be unattainable if the firewall is configured badly. Reaching an ideal answer is yet more complicated if an intranet forms part of the system. Usually, the Web server in that case needs to be configured to recognize and validate domains and user groups, which are likely to have differing permission levels and access rights.

Suggestion: For ideas in relation to a specific facet of web site security, such as "website security mechanisms", look for the complete expression on the Web.

Almost everyone using a browser to surf the Net believe that they're doing so secretly and in safety. It is not the case. Web browsers are able to execute autonomous software on the local machine which are hosted by a web site. Modern browsers display a caution and ask permission to execute such programs. Identified commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, may easily install a virus or other hazardous software on the browser user's computer. After it's in the system it can cause all kinds of damage and can be extremely tricky to eradicate.

This is also a concern for Network Administrators. Web browsers supply a path for possibly malicious software to filter through the local area network's firewall. As soon as it is in the system, the damage it can inflict can range from stealthily appropriating confidential data to motiveless carnage.

Apart from the problems regarding active content, simply browsing the Internet records a trail of the user's activities in the browser's history. This may be utilised by websites and installed programs to establish a precise profile of the user's behavior and preferences. Despite the fact that this might be frowned upon as an invasion of privacy by some, it can be constructive by providing relevant subject matter at once, thus exonerating the user of the job of trying to find it.

Secrecy is an issue which concerns not just browser users but also Web Masters and Network Administrators during the actual transmission of data via the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was formed, security wasn't the principal feature of its blueprint. Both network and Internet transmissions should therefore not be considered as necessarily confidential. When the browser on a local machine downloads a sensitive file from the remote Web server, or the browser user fills in a form with confidential data and clicks the 'Submit' button, the transmitted data can be intercepted without consent.

To find out more about 'website security mechanisms', visit website-security.biz.