Website security practices

This 'website security practices' article is supplied by Web Site Security, where you can find more information about website security practices.

Web Site Security Concerns - An Evaluation



Alas, there are many ways in which website security can be undermined. Security risks affect the Web servers and the LANs (local area networks) on which Web sites are hosted, and some arise even from the ordinary use of a Web browser.

Web Masters shoulder the responsibility for dealing with the most severe threats. As soon as a Web server is installed at a site, a window is opened into the local area network through which anyone on the Internet can peek. For the most part, website visitors see no more than what they are meant to see, but a number of them try to locate areas of the site that are not designed to be visible to the general public. Nefarious visitors mean to go further than merely looking; they endeavor to unlock the window and slip in. The damage intruders inflict might be mere vandalism, for example replacing the website's home page with one of their own that could say or show anything at all, or it could be robbery, such as appropriating a contacts or sales list.

It is hard to avoid the likelihood that complex computer software contains bugs. Regardless of how carefully it is tested, there is as a rule some sequence of events or user actions, however seldom it occurs, that brings about a fault. Software bugs produce holes in system security. A Web server is intricate software which can quite easily contain a security fault.

It's not just the complexity of a Web server which may create a problem, but also its open architecture. Think about a CGI script as an example. A CGI script can be processed at the server in reply to a remote request from a client. It might be a request from a program or even the click of a button in a browser. If the CGI script includes a bug, there may be a possibility of a security violation.
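The kind of CGI bug described above, shown as an added example that is not part of the original article: a script that maps a client-supplied "page" parameter to a file, first without and then with a check that the result stays inside the public document root. DOC_ROOT, the "page" parameter, the function names and the sample requests are all assumptions made for this illustration.

```python
import os
from pathlib import Path
from urllib.parse import parse_qs

# Assumed layout: the script is only meant to serve files below DOC_ROOT.
DOC_ROOT = Path("/var/www/site/public")

def requested_name(query_string):
    """Read the 'page' parameter as a CGI script would from QUERY_STRING.
    parse_qs also percent-decodes, so checks must run on the decoded value."""
    return parse_qs(query_string).get("page", ["index.html"])[0]

def resolve_unsafe(query_string):
    """Buggy version: client input is joined straight onto the document root."""
    return Path(os.path.normpath(DOC_ROOT / requested_name(query_string)))

def resolve_safe(query_string):
    """Hardened version: normalise, then refuse anything outside DOC_ROOT.
    normpath is purely lexical; a deployment would also resolve symlinks."""
    candidate = Path(os.path.normpath(DOC_ROOT / requested_name(query_string)))
    if not candidate.is_relative_to(DOC_ROOT):
        return None  # caller should answer 403/404 instead of opening a file
    return candidate

def audit(query_strings):
    """Report, per request, where each version would end up reading from."""
    return {
        q: {"unsafe": str(resolve_unsafe(q)), "safe": resolve_safe(q)}
        for q in query_strings
    }

# Constructed sample requests (not taken from any real log).
SAMPLE_REQUESTS = [
    "page=about.html",
    "page=../private/sales.csv",
    "page=%2e%2e%2fprivate%2fsales.csv",
    "page=/etc/hostname",
]

if __name__ == "__main__":
    for query, result in audit(SAMPLE_REQUESTS).items():
        print(query, "->", result)
```

The unsafe version resolves three of the four sample requests to paths outside the public directory, while the hardened version returns None for each of them.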

Network Administrators also have to face problems from Web servers as a consequence of the risk they pose to the security of the local area network. Whereas there ought to be no unauthorised intrusions, admission must be granted to web site visitors. This means that access to the network must be controlled. The Administrator therefore has to perform a delicate balancing act. Even the most sturdy firewall can be compromised if the Web server is configured badly. By the same token, normal use of the web site may be impossible if the firewall is configured badly. Reaching a model solution is still more complicated if an intranet exists as part of the system. Commonly, the Web server then has to be configured to recognize and verify domains and user groups, which are likely to have varying permission levels and access privileges.


Nearly everybody using a browser to surf the Web believes that they are doing so anonymously and securely. This is not correct. Web browsers may execute, on the local computer, self-contained software that is resident on a website. Modern browsers show a notice and ask for consent to run such programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, may easily deposit a virus or other hazardous software on the browser user's PC. Once it is in the system, it can inflict all kinds of damage and can be exceedingly awkward to eliminate.

This is also a concern for Network Administrators. Web browsers make available a path for possibly malicious software to filter through the local area network's firewall. After it is in the network, the harm it might cause can range from surreptitiously stealing sensitive information to willful demolition.

Aside from the issues involving active content, just browsing the Web records a trail of the user's activities in the browser's history. This could be utilized by websites and installed software to create a precise report of the user's behavior and interests. While this may be thought of as an invasion of privacy by some, it can be helpful by providing applicable content directly, so relieving the user of the job of looking for it.

Secrecy is a topic which concerns not just browser users but also Web Masters and Network Administrators in the actual transmission of information via the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was formed, security wasn't the principal aspect of its blueprint. Both network and Internet transmissions should therefore not be considered as automatically confidential. Whenever the browser on a local computer downloads a sensitive file from the remote Web server, or the browser user completes a form with confidential information and clicks the 'Submit' button, the transmitted data might be intercepted without authorization.

To find out more about 'website security practices', visit website-security.biz.