Website security requirements

This 'website security requirements' article is supplied by Web Site Security, where you can find more information about website security requirements.

Website Security Issues - An Examination



Unfortunately, there are several ways in which website security can be compromised. Security hazards are ever present for the Web servers and LANs (local area networks) where Web sites are hosted, and they arise even from the regular use of a Web browser.

Web Masters shoulder the responsibility for managing the gravest challenges. As soon as a Web server is installed at a site, a window is made in the local area network through which anyone on the Internet can peep. Obviously, most website visitors look only at what they're meant to look at, but some make an effort to locate parts of the site that aren't intended to be observable by all and sundry. Malicious visitors would like to go further than just look; they try to unfasten the window and creep through. The damage they could cause might be sheer vandalism, such as substituting the web site's home page with one of their own that might say or display anything at all, or it could be larceny, such as stealing a customer or sales database.

It is hard to evade the virtual certainty that complicated software contains bugs. Regardless of how methodically it's tested, there is usually a particular permutation of events or user actions, however infrequent, that will cause a fault. Software bugs produce breaches in system security. A Web server is complex software that may quite probably include a security defect.

It is not just the intricacy of a Web server which may produce a glitch, but also its open architecture. Consider a CGI script as a case in point. A CGI script is processed at the server in answer to a remote call from a client. The call might be a request from a program or even the click of a button in a browser. If the CGI script has a bug, there may be a risk of a security violation.
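To make the CGI point concrete, here is an added example (not part of the original article) of a CGI-style file lookup with a bug, next to a hardened form that confines the lookup to the document root. The function names, the `doc` parameter and the `public/` and `customers.db` layout are hypothetical and constructed for the demonstration.

```python
import os
import tempfile
from urllib.parse import parse_qs

def resolve_unsafe(doc_root, query_string):
    """Buggy: trusts the 'doc' parameter and joins it to the document root."""
    name = parse_qs(query_string).get("doc", [""])[0]
    return os.path.join(doc_root, name)

def resolve_safe(doc_root, query_string):
    """Hardened: canonicalise first, then require the result to stay in doc_root."""
    name = parse_qs(query_string).get("doc", [""])[0]
    root = os.path.realpath(doc_root)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        return None  # resolved path left the document root
    return target

def handle(doc_root, environ, resolver):
    """Minimal CGI-style handler: returns (status, body) for one request."""
    path = resolver(doc_root, environ.get("QUERY_STRING", ""))
    if path is None or not os.path.isfile(path):
        return "404 Not Found", ""
    with open(path, encoding="utf-8") as fh:
        return "200 OK", fh.read()

def demo():
    """Run both resolvers over constructed requests against a constructed site."""
    with tempfile.TemporaryDirectory() as site:
        doc_root = os.path.join(site, "public")
        os.mkdir(doc_root)
        # Constructed layout: one public page, one private file beside the root.
        with open(os.path.join(doc_root, "index.txt"), "w") as fh:
            fh.write("welcome")
        with open(os.path.join(site, "customers.db"), "w") as fh:
            fh.write("private records")
        results = {}
        for qs in ["doc=index.txt", "doc=../customers.db"]:  # constructed inputs
            env = {"QUERY_STRING": qs}
            results[qs] = (handle(doc_root, env, resolve_unsafe)[0],
                           handle(doc_root, env, resolve_safe)[0])
        return results

if __name__ == "__main__":
    for request, (unsafe, safe) in demo().items():
        print(f"{request:24} unsafe={unsafe:14} safe={safe}")
```

The buggy resolver serves the private file because nothing checks where the joined path ends up; the hardened resolver answers the same request with 404.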

Network Administrators also have to cope with problems from Web servers owing to the danger they pose to the security of the local area network. Whereas there ought to be no unauthorised intrusions, admittance has to be given to web site visitors. This means that access to the network has to be controlled. The Administrator therefore has to perform a delicate balancing act. Even the most robust firewall may be undermined if the Web server is configured poorly. Equally, normal use of the website may not be viable if the firewall is configured badly. Attaining a perfect solution is trickier still if an intranet exists as an element of the system. Commonly, the Web server then has to be configured to identify and validate domains and user groups, which are likely to have differing permission levels and access rights.


Most people using a browser to surf the Net believe that they are doing it anonymously and securely. It is not so. Web browsers may execute self-contained programs on the client machine which are hosted by a website. Modern browsers display a notice and request authorisation to run those programs. Commonly described as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, might easily install a virus or other dangerous software on the browser user's computer. Once it is in the system, it can cause all kinds of damage and may be extremely hard to remove.

This is also a worry for Network Administrators. Web browsers supply a way for possibly malicious software to pass all the way through the local area network's firewall. As soon as it is in the network, the harm it might inflict can extend from covertly gaining possession of confidential data to gratuitous destruction.

Aside from the problems surrounding active content, merely surfing the Internet leaves a trail of the user's activities in the browser's history. This might be utilised by web sites and installed software to create an exact profile of the user's behavior and preferences. While some people might find this an unacceptable invasion of privacy, it can be useful in providing relevant content straight away, thus relieving the user of the chore of looking for it.

Secrecy is a topic which concerns not only browser users but also Web Masters and Network Administrators, because it affects the actual transmission of information over the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was created, security wasn't the principal aspect of its design. Neither network nor Internet transmissions should therefore be considered necessarily confidential. Every time the browser on a local machine downloads a confidential file from the remote Web server, or the browser user fills out a form with personal data and clicks the 'Submit' button, the transmitted information could be intercepted without consent.
