Website security policies

This 'website security policies' article is supplied by Web Site Security, where you can find more information about website security policies.

Evaluating Website Security Concerns



It is unfortunate, but there are many ways in which web site security can be compromised. For example, security hazards exist that can impinge on Web servers and LANs (local area networks) where Websites reside, even by the conventional use of a Web browser.

Web Masters shoulder the responsibility when coping with the most acute threats. As soon as a Web server is installed at a site, a porthole is made in the local area network through which anyone using the Internet can peek. Naturally, as a rule website visitors look at no more than what they are meant to see, but some attempt to locate areas of the site which are not intended to be detectable by the general public. Nefarious visitors aim to go further than merely look; they endeavour to unfasten the window and creep through. The damage intruders can inflict might be sheer vandalism, like changing the website's home page with one of their own which could say or display absolutely anything, or else it might be larceny, such as stealing a customers or orders database.

It's hard to evade the probability that complex software has bugs. No matter how methodically it is tested, there is frequently some combination of events or user actions, though it may be infrequent, which causes a failure. Computer software bugs give rise to breaches in system security. A Web server is convoluted software that may quite possibly include a security flaw.

It's not only the complexity of a Web server which can cause a glitch, but also its open architecture. Think about a CGI script as a case in point. A CGI script can be run at the server in response to a remote request from a client. It might be a request from a program or even the click of a button in a browser. If the CGI script contains a bug, there is a possibility of a security violation.

Network Administrators also have to take on problems from Web servers owing to the risk they pose to the security of the local area network. Though there ought to be no unauthorised intrusions, right of entry must be granted to website visitors. This means that access to the network has to be controlled. The Administrator therefore has to perform a delicate balancing act. Even the most sturdy firewall may be undermined if the Web server is configured poorly. Bearing that in mind, normal use of the website may be not possible if the firewall is configured badly. Finding an ideal answer is yet more tricky if an intranet exists as an element of the system. Usually, the Web server then must be configured to identify and verify domains and user groups, which are apt to have differing permission levels and access privileges.

Tip: For advice as regards a detailed facet of web site security, for example "website security policies", look for the complete phrase on the Web.

Nearly all people using a browser to surf the Net suppose that they're doing so incognito and safely. It is not so. Web browsers can process autonomous software programs on the user's computer that are hosted by a web site. Modern browsers show a notice and request authorisation to run such programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, might easily install a virus or other hazardous software on the browser user's PC. After it's in the system it can wreak all kinds of havoc and may be extremely awkward to delete.

This is also a worry for Network Administrators. Web browsers provide a route for possibly malicious software to seep through the local area network's firewall. When it is in the network, the harm it might cause can range from covertly appropriating private information to willful demolition.

Apart from the issues involving active content, merely browsing the Net records a trail of the user's activities in the browser's history. This could be used by web sites and installed software to create an accurate report of the user's behaviour and interests. Although this might be frowned upon as an invasion of privacy by some people, it can be positively effective by displaying appropriate subject matter without delay, thus unburdening the user of the job of looking for it.

Secrecy is a problem which concerns not only browser users but also Web Masters and Network Administrators during the actual transmission of information by means of the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was formed, security wasn't the most influential factor of its blueprint. Both network and Internet transmissions should therefore not be considered as essentially confidential. Each time the browser on a local PC downloads a confidential file from the remote Web server, or the browser user fills out a form with personal information and clicks the 'Submit' button, the transmitted data may be intercepted without authorisation.

To find out more about 'website security policies', visit website-security.biz.