Website security policy
This 'website security policy' article is supplied by Web Site Security, where you can find more information about website security policy.
An Assessment of Website Security Considerations
Unfortunately, there are numerous ways in which website security can be compromised. Security hazards affect Web servers and the LANs (local area networks) on which Web sites reside, and they can arise even from the routine use of a Web browser.
Web Masters bear the brunt of the gravest challenges. As soon as a Web server is set up at a site, a window materialises in the local area network through which anyone on the Internet can peep. Obviously, the majority of web site visitors look at no more than what they are meant to look at, but a number of them attempt to locate parts of the site which are not designed to be visible to the public. Malicious visitors would like to do more than merely look; they attempt to unbolt the window and slither through. The damage intruders could cause might be mere vandalism, like replacing the website's home page with one of their own that could say or show anything, or it might be robbery, such as gaining possession of a customer or orders database.
It's hard to escape the probability that complicated software includes bugs. No matter how comprehensively it is tested, there is more often than not a particular combination of events or user actions, however infrequent, that causes a failure. Software bugs give rise to gaps in system security. A Web server is intricate software that may very likely include a security flaw.
It's not merely the intricacy of a Web server which can create a problem, but also its open architecture. Take a CGI script as an illustration. A CGI script is executed on the server in response to a remote call from a client. This could be a request from a program or even the click of a button in a browser. If the CGI script includes a bug, there's a risk of a security violation.
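As an added illustration of one such CGI bug and its fix (this code is not from the original article), the sketch below shows a script that maps a client-supplied parameter to a file on the server, first without and then with a containment check. The parameter name `page`, the directory `DOC_ROOT` and the sample query strings are assumptions constructed for the example.

```python
import os
from urllib.parse import parse_qs

DOC_ROOT = "/var/www/site/pages"  # hypothetical directory the script may serve


def requested_page(query_string):
    """Read the 'page' parameter as a CGI script reads QUERY_STRING."""
    values = parse_qs(query_string).get("page", [])
    return values[0] if values else ""


def naive_resolve(query_string, doc_root=DOC_ROOT):
    """Buggy: joins the client-supplied name to the directory unchecked."""
    return os.path.normpath(os.path.join(doc_root, requested_page(query_string)))


def safe_resolve(query_string, doc_root=DOC_ROOT):
    """Hardened: return a path only if it stays inside doc_root, else None."""
    name = requested_page(query_string)
    if not name or "\x00" in name:
        return None
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, name))
    # Reject the directory itself and anything that resolves outside it.
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def audit(query_strings, doc_root=DOC_ROOT):
    """List the requests that the hardened check refuses."""
    return [q for q in query_strings if safe_resolve(q, doc_root) is None]


# Constructed sample requests, not taken from any real log.
SAMPLE_QUERIES = [
    "page=about.html",
    "page=news/2024.html",
    "page=../../../../etc/passwd",
    "page=%2Fetc%2Fpasswd",
    "",
]

if __name__ == "__main__":
    for q in audit(SAMPLE_QUERIES):
        print("refused:", repr(q), "-> naive version would open", naive_resolve(q))
```

The hardened function resolves the final path before comparing it with the permitted directory, so encoded and absolute names are refused along with relative ones.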
Network Administrators also have to deal with problems from Web servers, owing to the danger they pose to the security of the local area network. Though there ought to be no unauthorized incursions, access has to be given to web site visitors. This means that access to the network has to be controlled. The Administrator therefore must perform a delicate balancing act. Even the sturdiest firewall can be breached if the Web server is configured poorly. By the same token, normal use of the website can become unworkable if the firewall is configured poorly. Arriving at a perfect answer is more difficult still if an intranet forms part of the system. Typically, the Web server in that case has to be configured to recognize and validate domains and user groups, which are apt to have varying permission levels and access rights.
Nearly all people using a browser to surf the Internet suppose that they are doing so incognito and safely. This is not correct. Web browsers can run self-contained programs, hosted on a website, on the user's computer. Modern browsers show a notice and ask for authorization to execute such programs. Known commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily place a virus or other dangerous software on the browser user's machine. Once in the system, it can cause all kinds of havoc and can be extremely difficult to remove.
This is also a worry for Network Administrators. Web browsers provide a path for potentially malicious software to seep through the local area network's firewall. Once it is in the network, the damage it can inflict varies from stealthily stealing confidential data to wilful destruction.
Aside from the issues to do with active content, just browsing the Web leaves a trail of the user's activities in the browser's history. This might be used by web sites and installed software programs to build a precise profile of the user's behavior and preferences. Although some may consider this an invasion of privacy, it can be helpful by offering relevant content straight away, relieving the user of the chore of looking for it.
Confidentiality is a concern not only for browser users but also for Web Masters and Network Administrators, because of the way information is actually transmitted over the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was designed, security was not its most important feature. Neither network nor Internet transmissions should therefore be assumed to be confidential. Every time the browser on a local PC downloads a private file from the remote Web server, or the browser user completes a form with private information and clicks the 'Submit' button, the transmitted information may be intercepted without authorisation.