Website security procedures

This 'website security procedures' article is supplied by Web Site Security, where you can find more information about website security procedures.

Website Security Concerns - An Evaluation



It is unfortunate, but there are a lot of ways in which website security can be jeopardised. Security hazards are ever present: they affect the Web servers and LANs (local area networks) where websites are hosted, and they arise even from the ordinary use of a Web browser.

Web Masters bear the brunt, since they manage the gravest risks. As soon as a Web server is set up at a site, a window appears in the local area network through which anyone using the Internet can look. Of course, as a rule website visitors look at only what they are meant to look at, but a few try to uncover elements of the site which aren't supposed to be discernible by all and sundry. Iniquitous visitors would like to do more than simply look; they endeavour to unlock the window and steal through. The damage they can cause might be mere vandalism, such as replacing the website's home page with one of their own that could say or display anything at all, or it might be larceny, such as gaining possession of a contacts or orders database.

It is hard to escape the virtual certainty that complex computer software includes bugs. Regardless of how painstakingly it is tested, there's usually some order of events or user actions, even if it may transpire once in a blue moon, that leads to a failure. Software bugs cause gaps in system security. A Web server is complex software and may quite likely contain a security defect.

It's not only the complexity of a Web server which can give rise to a flaw, but also its open architecture. Think about a CGI script as an example. A CGI script may be run at the server in response to a remote call from a client. The call could be a request from an application or even the click of a button in a browser. If the CGI script includes a bug, there's a risk of a security violation.
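To make the CGI point concrete, the following is an added example, not code from the original article: a script that serves a document named by the client, with a buggy path resolver beside a hardened one. The parameter name `doc`, the file names and the directory layout are assumptions constructed for the illustration.

```python
import os
import tempfile
from urllib.parse import parse_qs

def naive_resolve(doc_root, query_string):
    """Buggy: trusts the client-supplied name, so '..' segments leave doc_root."""
    name = parse_qs(query_string).get("doc", [""])[0]
    return os.path.normpath(os.path.join(doc_root, name))

def safe_resolve(doc_root, query_string):
    """Hardened: return a file path inside doc_root, or None to reject."""
    values = parse_qs(query_string).get("doc", [])
    if len(values) != 1 or "\x00" in values[0]:
        return None
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, values[0]))
    if os.path.commonpath([root, candidate]) != root:
        return None  # resolved path is outside the web root
    return candidate if os.path.isfile(candidate) else None

def handle(doc_root, query_string):
    """Return (status, body), as the script would before printing its response."""
    path = safe_resolve(doc_root, query_string)
    if path is None:
        return 404, "Not found"
    with open(path, encoding="utf-8") as fh:
        return 200, fh.read()

def demo():
    # Constructed sample site: a public document inside the web root and a
    # private file next to it that must never be served.
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "htdocs")
        os.mkdir(root)
        for path, text in ((os.path.join(root, "prices.txt"), "public price list"),
                           (os.path.join(base, "orders.db"), "private orders")):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        outside = naive_resolve(root, "doc=../orders.db")
        return {
            "public": handle(root, "doc=prices.txt"),
            "dotdot": handle(root, "doc=../orders.db"),
            "absolute": handle(root, "doc=" + os.path.join(base, "orders.db")),
            "naive_leaves_root": not outside.startswith(root + os.sep),
        }

if __name__ == "__main__":
    print(demo())
```

The hardened resolver compares fully resolved paths, so symbolic links and absolute names are rejected by the same check as `..` segments.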

Network Administrators also have to take on problems from Web servers due to the threat they pose to the security of the local area network. Although there must be no unauthorized incursions, right of entry has to be given to website visitors. This means that access to the network must be controlled. The Administrator therefore has to perform a delicate balancing act. Even the most sturdy firewall may be undermined if the Web server is configured badly. Conversely, normal use of the website can be unattainable if the firewall is configured badly. Reaching an ideal solution is still more complicated if an intranet is a constituent of the system. Commonly, the Web server then must be configured to recognize and authenticate domains and user groups, which are likely to have varying permission levels and access rights.


Nearly everybody using a browser to surf the Internet thinks that they are doing so secretly and securely. It is not so. Web browsers may run autonomous programs on the local machine which are resident on a website. Current browsers display a warning and ask for authorisation to run these kinds of programs. Known commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily install a virus or other hazardous software on the browser user's machine. As soon as it's in the system it can cause all kinds of havoc and can be extremely problematical to delete.

This is also a concern for Network Administrators. Web browsers present a way for potentially malicious software to permeate all the way through the local area network's firewall. As soon as it is in the system, the harm it can cause can stretch from secretly stealing sensitive information to wanton destruction.

Aside from the matters surrounding active content, merely browsing the Net records a trail of the user's activities in the browser's history. This can be utilised by websites and installed software to ascertain a precise profile of the user's behaviour and interests. Though this might be frowned upon as an invasion of privacy by some, it can be useful by supplying relevant content immediately, thus unburdening the user of the chore of looking for it.

Privacy is a subject that concerns not only browser users but also Web Masters and Network Administrators during the actual transmission of information by means of the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was formed, security wasn't the principal factor of its design. Both network and Internet transmissions should therefore not be thought of as essentially private. Each time the browser on a local computer downloads a sensitive document from the remote Web server, or the browser user fills in a form with private data and clicks the 'Submit' button, the transmitted data might be intercepted without consent.

To find out more about 'website security procedures', visit website-security.biz.