Website security plan

This 'website security plan' article is supplied by Web Site Security, where you can find more information about website security plan.

Web Site Security Considerations - An Evaluation



Alas, there are many ways in which web site security can be imperilled. Security risks are ever present: they affect Web servers and the LANs (local area networks) where Web sites reside, and they arise even from the customary use of a Web browser.

Web Masters shoulder the responsibility for handling the major risks. As soon as a Web server is set up at a site, a window is opened into the local area network through which anyone on the Internet can peep. As a rule, web site visitors look only at what they're meant to look at, but a few attempt to find areas of the site which aren't designed to be visible to all and sundry. Dishonest visitors intend to do more than merely look; they endeavour to force the window open and slip inside. The damage they inflict might be sheer vandalism, like replacing the web site's home page with one of their own that might say or display absolutely anything at all, or it could be theft, such as gaining possession of a customer or sales list.

It is difficult to escape the likelihood that complicated software includes bugs. Regardless of how carefully it is tested, there is usually a particular combination of events or user actions, however infrequent, that will cause a fault. Software bugs produce gaps in system security. A Web server is complex software which can quite easily include a security hole.

It's not just the intricacy of a Web server that can create a problem, but also its open architecture. Consider a CGI script as an illustration. A CGI script can be run at the server in reply to a remote request from a client. This could be a request from a program or even the click of a button in a browser. If the CGI script has a bug, there is a possibility of a security breach.
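The following is an added example, not code from the original article: a CGI-style handler in Python with one such bug beside a hardened form. The `doc` parameter, the directory layout and the file names are assumptions constructed for the illustration.

```python
import os
import re
import tempfile
from urllib.parse import parse_qs

SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+\.(html|txt)")  # allow-list of names

def requested_doc(environ):
    """Read the hypothetical 'doc' parameter from the CGI QUERY_STRING."""
    return parse_qs(environ.get("QUERY_STRING", "")).get("doc", [""])[0]

def resolve_buggy(root, environ):
    """The bug: the client's value is joined onto the root unchecked."""
    return os.path.realpath(os.path.join(root, requested_doc(environ)))

def resolve_hardened(root, environ):
    """Return the path to serve, or None when the request must be refused."""
    name = requested_doc(environ)
    if not SAFE_NAME.fullmatch(name):
        return None
    root = os.path.realpath(root)
    path = os.path.realpath(os.path.join(root, name))
    # Defence in depth: with symlinks resolved, the path must stay in the root.
    if os.path.commonpath([root, path]) != root:
        return None
    return path

def handle(root, environ):
    """Build the CGI response (status header, blank line, body)."""
    path = resolve_hardened(root, environ)
    if path is None:
        return "Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\nrefused\n"
    if not os.path.isfile(path):
        return "Status: 404 Not Found\r\nContent-Type: text/plain\r\n\r\nmissing\n"
    with open(path, encoding="utf-8") as fh:
        return "Status: 200 OK\r\nContent-Type: text/plain\r\n\r\n" + fh.read()

def demo():
    """Constructed layout: a public directory beside a private list."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "public")
        os.mkdir(root)
        for rel, text in (("public/index.html", "welcome\n"), ("customers.txt", "private\n")):
            with open(os.path.join(base, rel), "w", encoding="utf-8") as fh:
                fh.write(text)
        hostile = {"QUERY_STRING": "doc=../customers.txt"}  # constructed request
        normal = {"QUERY_STRING": "doc=index.html"}
        escaped = not resolve_buggy(root, hostile).startswith(os.path.realpath(root) + os.sep)
        return escaped, handle(root, hostile), handle(root, normal)
```

Calling `demo()` shows that the unchecked join resolves to a file outside the public directory, while the hardened handler refuses that request and still serves the ordinary page.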

Network Administrators also have to deal with problems from Web servers because of the risk they pose to the security of the local area network. While there ought to be no unauthorized intrusions, website visitors must still be admitted, which means that access to the network must be regulated. The Administrator therefore needs to perform a delicate balancing act. Even the most robust firewall can be breached if the Web server is configured poorly. By the same token, normal use of the website may be impossible if the firewall is configured badly. Finding an ideal solution is trickier still if an intranet is part of the system. Typically, the Web server in that case needs to be configured to recognise and validate domains and user groups, which are apt to have varying permission levels and access privileges.

The majority of people using a browser to surf the Internet believe that they are doing so anonymously and safely. This is not correct. Web browsers may download programs hosted on a web site and execute them on the client machine. Modern browsers display a warning and ask for consent before running such programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, might easily leave a virus or other hazardous software on the browser user's computer. Once it is in the system it can cause all kinds of damage and may be very difficult to remove.

This is also a worry for Network Administrators. Web browsers present a way for possibly malicious software to pass through the local area network's firewall. Once it is in the network, the damage it can inflict ranges from covertly copying confidential data to wilful destruction.

Aside from the matters surrounding active content, merely browsing the Net leaves a trail of the user's activities in the browser's history. This might be used by websites and installed programs to compile a detailed record of the user's behaviour and interests. While some people frown upon this as an invasion of privacy, it can be useful for displaying relevant content immediately, so relieving the user of the chore of looking for it.

Confidentiality during the actual transmission of information over the Net is a topic which concerns not just browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was created, security was not the principal factor in its design. Neither network nor Internet transmissions should therefore be considered automatically confidential. Every time the browser on a local PC downloads a private file from the remote Web server, or the browser user completes a form with private information and clicks the 'Submit' button, the transmitted information might be intercepted without consent.