Website security questions

This 'website security questions' article is supplied by Web Site Security, where you can find more information about website security questions.

Web Site Security Issues - An Understanding



An unfortunate fact is that there are lots of ways in which website security can be undermined. Security dangers lurk insidiously that might affect Web servers and LANs (local area networks) on which Web sites reside, even by the typical use of a Web browser.

Web Masters bear the brunt when handling the gravest challenges. As soon as a Web server is installed at a site, a window materialises in the local area network through which anyone on the Internet can peek. Obviously, for the most part web site visitors look at no more than what they're supposed to look at, but some attempt to discover elements of the site that are not intended to be visible to the general public. Dishonest visitors aim to go further than only look; they make an effort to unfasten the window and steal in. The damage intruders may cause might be sheer vandalism, such as substituting the website's home page with their own which could say or show anything at all, or else it might be theft, such as stealing a contacts or orders database.

It is hard to escape the virtual certainty that complicated software contains bugs. Regardless of how scrupulously it is tested, there is frequently a certain permutation of events or user actions, even though it might be rare, that leads to a failure. Computer software bugs produce holes in system security. A Web server is complex software which can very probably include a security fault.

It's not just the intricacy of a Web server that may produce a glitch, but also its open architecture. Think about a CGI script as a case in point. A CGI script may be processed at the server in answer to a remote call from a client. This could be a request from an application or even the click of a button in a browser. If the CGI script contains a bug, there could be a danger of a security violation.

Network Administrators also have to handle problems from Web servers by reason of the threat they pose to the security of the local area network. Though there must be no unauthorized incursions, admission has to be granted to web site visitors. This means that access to the network should be regulated. The Administrator therefore must perform a delicate balancing act. Even the most robust firewall may be undermined if the Web server is configured poorly. Bearing that in mind, normal use of the website may be unattainable if the firewall is configured poorly. Arriving at a model solution is yet more tricky if an intranet exists as part of the system. Typically, the Web server then needs to be configured to identify and verify domains and user groups, which are likely to have differing permission levels and access rights.

Suggestion: For information as regards a specialised side of web site security, for example "website security questions", look for the full phrase on the Web.

Most of the people using a browser to surf the Internet believe that they're doing so in secret and securely. This is not correct. Web browsers may process autonomous programs on the local machine that are located on a web site. Current browsers display a notice and request authorization to execute such programs. Identified commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, might easily leave a virus or other dangerous software on the browser user's machine. Once it is in the system it can cause all kinds of damage and may be very difficult to eliminate.

This is also a concern for Network Administrators. Web browsers afford a path for potentially malicious software to seep through the local area network's firewall. After it is in the system, the damage it could cause can extend from stealthily stealing confidential information to meaningless spoliation.

Besides the issues regarding active content, merely surfing the Net leaves a trail of the user's activities in the browser's history. This may be utilised by web sites and installed software to establish a precise profile of the user's behavior and preferences. Though this may be considered an invasion of privacy by some, it can be helpful by displaying germane subject matter right away, thus exonerating the user of the job of trying to find it.

Secrecy is a matter that worries not just browser users but also Web Masters and Network Administrators for the duration of the actual transmission of information by means of the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was formed, security was not the most essential aspect of its design. Both network and Internet transmissions should therefore not be considered as essentially private. When the browser on a local PC downloads a sensitive file from the remote Web server, or the browser user fills in a form with confidential information and clicks the 'Submit' button, the transmitted information may be intercepted without consent.

To find out more about 'website security questions', visit website-security.biz.