Website security risks

This 'website security risks' article is supplied by Web Site Security, where you can find more information about website security risks.

An Evaluation of Web Site Security Issues



An unfortunate fact is that there are many ways in which website security can be jeopardised. For example, hidden dangers can affect Web servers and the LANs (local area networks) where Web sites reside, and can arise even from the routine use of a Web browser.

Web Masters are in the front line when managing the gravest challenges. As soon as a Web server is installed at a site, a window is opened into the local area network through which anyone using the Internet can peer. Naturally, nearly all website visitors look at no more than what they are meant to see, but a small number make an effort to discover parts of the site that are not meant to be visible to the world. Unscrupulous visitors aspire to do more than look; they try to force the window open and climb through it. The damage they inflict might be sheer vandalism, such as replacing the website's home page with one of their own, which might say or display absolutely anything, or it might be theft, such as gaining possession of a contacts or sales list.

It is virtually certain that complicated software contains bugs. No matter how scrupulously it is tested, there is frequently some pattern of events or user actions, however rare, that leads to a fault. Software bugs create breaches in system security. A Web server is complicated software and can quite likely include a security flaw.

It is not merely the complexity of a Web server that may produce a flaw, but also its open architecture. Consider a CGI script as a case in point. A CGI script is executed on the server in response to a remote call from a client. The call might be a request from an application or simply the click of a button in a browser. If the CGI script contains a bug, there is a chance of a security breach.
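As an added illustration (not code from the original article), the sketch below shows one kind of bug a CGI-style handler can contain, a client-supplied file name used without checking, beside a hardened version that confines reads to the document root. The handler names, directory layout and sample requests are constructed for this example, and POSIX-style paths are assumed.

```python
import os
import tempfile
from urllib.parse import parse_qs

def read_param(environ, name):
    """CGI passes the request's query string in the QUERY_STRING variable."""
    values = parse_qs(environ.get("QUERY_STRING", "")).get(name, [""])
    return values[0]

def serve_vulnerable(environ, doc_root):
    """Buggy handler: trusts the client-supplied file name as-is."""
    path = os.path.join(doc_root, read_param(environ, "file"))
    with open(path, "r", encoding="utf-8") as fh:
        return 200, fh.read()

def serve_hardened(environ, doc_root):
    """Resolves the requested path and refuses anything outside doc_root."""
    root = os.path.realpath(doc_root)
    name = read_param(environ, "file")
    target = os.path.realpath(os.path.join(root, name))
    if not name or os.path.commonpath([root, target]) != root:
        return 403, "forbidden"
    if not os.path.isfile(target):
        return 404, "not found"
    with open(target, "r", encoding="utf-8") as fh:
        return 200, fh.read()

def demo():
    """Builds a constructed site layout in a temp dir and calls both handlers."""
    with tempfile.TemporaryDirectory() as base:
        doc_root = os.path.join(base, "public")
        os.mkdir(doc_root)
        with open(os.path.join(doc_root, "index.txt"), "w") as fh:
            fh.write("welcome")
        # A file that sits outside the published directory (constructed sample).
        with open(os.path.join(base, "contacts.txt"), "w") as fh:
            fh.write("private sales list")
        normal = {"QUERY_STRING": "file=index.txt"}
        crafted = {"QUERY_STRING": "file=../contacts.txt"}
        return {
            "vulnerable_normal": serve_vulnerable(normal, doc_root),
            "vulnerable_crafted": serve_vulnerable(crafted, doc_root),
            "hardened_normal": serve_hardened(normal, doc_root),
            "hardened_crafted": serve_hardened(crafted, doc_root),
        }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

Both handlers behave identically for the ordinary request; only the hardened one refuses the request that resolves outside the published directory.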

Network Administrators also have to cope with Web servers because of the danger they pose to the security of the local area network. Though there should be no unauthorised intrusions, access must be given to website visitors. This means that access to the network has to be controlled, and the Administrator needs to perform a delicate balancing act. Even the most robust firewall may be compromised if the Web server is configured poorly. By the same token, normal use of the website may be impossible if the firewall is configured badly. Arriving at an ideal solution is trickier still if an intranet is part of the system. Commonly, the Web server in that case needs to be configured to distinguish and authenticate domains and user groups, which are likely to have varying permission levels and access privileges.

Almost all people using a browser to surf the Net suppose that they are doing so anonymously and safely. That is not correct. Web browsers can run self-contained programs, hosted on a website, on the user's computer. Current browsers display a warning and ask for consent before running such programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, can easily install a virus or other hazardous software on the browser user's machine. Once it is in the system it can wreak all kinds of havoc and may be very difficult to remove.

This is also a concern for Network Administrators. Web browsers present a route for potentially malicious software to pass straight through the local area network's firewall. Once it is in the system, the damage it could cause ranges from stealthily gaining possession of confidential data to pointless destruction.

Besides the concerns to do with active content, merely surfing the Net leaves a trail of the user's activities in the browser's history. This can be used by websites and installed programs to build a precise profile of the user's behavior and interests. Although some people might consider this an invasion of privacy, it can also be useful, offering relevant content immediately and relieving the user of the task of looking for it.

Confidentiality is a subject that concerns not only browser users but also Web Masters and Network Administrators, because it affects the actual transmission of data via the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was created, security wasn't the principal aspect of its design. Network and Internet transmissions should therefore not be thought of as automatically confidential. Whenever the browser on a local machine downloads a sensitive document from the remote Web server, or the browser user completes a form with personal information and clicks the 'Submit' button, the transmitted information may be intercepted without consent.

To find out more about 'website security risks', visit website-security.biz.