Website security tutorial

This 'website security tutorial' article is supplied by Web Site Security, where you can find more information about website security tutorial.

An Overview of Website Security Issues



There are many ways in which website security can be undermined. Security risks affect the Web servers and the local area networks (LANs) that host Web sites, and some arise even from the ordinary use of a Web browser.

Webmasters face the gravest threats. As soon as a Web server is installed at a site, a window is opened into the local area network through which anyone on the Internet can peer. Nearly all visitors look only at what they are supposed to look at, but some try to uncover parts of the site that are not meant to be visible to the public. Malicious visitors want to do more than look; they attempt to open the window and climb in. The harm intruders inflict may be mere vandalism, such as replacing the site's home page with one of their own that could say or display anything at all, or it may be theft, such as obtaining a contacts or sales list.

It is hard to escape the fact that complex software has bugs. No matter how methodically it is tested, there is often some particular pattern of events or user actions, however rarely it arises, that leads to a fault. Software bugs create holes in system security. A Web server is complex software and may well contain a security fault.

It is not just the complexity of a Web server that can cause problems, but also its open architecture. Take a CGI script as an illustration. A CGI script may be run on the server in response to a remote call from a client, which might be a request from an application or simply the click of a button in a browser. If the CGI script has a bug, there could be a danger of a security breach.
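The following is an added example, not code from the original article. It shows one common kind of CGI bug: a script that serves a file named by the client, first with no check and then confined to the public document root. The function names, file names and directory layout are assumptions made for illustration.

```python
import os
import tempfile


def naive_resolve(doc_root, requested):
    """Buggy pattern: trusts the client-supplied name completely."""
    return os.path.normpath(os.path.join(doc_root, requested))


def safe_resolve(doc_root, requested):
    """Return the real path of `requested` inside doc_root, or None if it escapes."""
    root = os.path.realpath(doc_root)
    # Absolute paths and NUL bytes are never valid names for a public file.
    if "\x00" in requested or os.path.isabs(requested):
        return None
    # realpath() collapses ".." segments and follows symlinks, so the
    # comparison below is made on the file that would actually be opened.
    candidate = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed layout: a public directory next to a private sales list.
    with tempfile.TemporaryDirectory() as site:
        doc_root = os.path.join(site, "public")
        os.mkdir(doc_root)
        open(os.path.join(doc_root, "index.html"), "w").close()
        open(os.path.join(site, "sales_list.csv"), "w").close()
        for name in ("index.html", "../sales_list.csv"):
            print(name, "| naive:", naive_resolve(doc_root, name),
                  "| confined:", safe_resolve(doc_root, name))
```

The unchecked version resolves the second request to the private file beside the document root, while the confined version refuses it.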

Network administrators also have to deal with Web servers because of the threat they pose to the security of the local area network. There should be no unauthorised intrusions, yet website visitors must be let in, so access to the network has to be regulated. The administrator therefore has to perform a delicate balancing act. Even the most robust firewall can be breached if the Web server is badly configured. Conversely, normal use of the website can become impossible if the firewall is poorly configured. A satisfactory solution is harder still to reach if an intranet forms part of the system. The Web server then commonly has to be configured to distinguish and authenticate domains and user groups, which are likely to have different permission levels and access privileges.


Almost everyone who uses a browser to surf the Web trusts that they are doing so anonymously and safely. This is not the case. Web browsers can run self-contained programs, hosted by a website, on the user's computer. Current browsers show a warning and ask for consent before running such programs. Generally known as "active content" (for example, ActiveX controls or Java applets), these programs, if malicious, can easily leave a virus or other harmful software on the user's computer. Once it is in the system, it can cause all kinds of damage and can be very difficult to remove.

This is also a concern for network administrators. Web browsers offer a route by which potentially malicious software can pass straight through the local area network's firewall. Once it is inside, the damage it may inflict ranges from covertly obtaining sensitive information to wanton destruction.

Besides the problems with active content, simply browsing the Internet leaves a trail of the user's activities in the browser's history. Websites and installed programs can use this to build a detailed picture of the user's behaviour and interests. Although some people consider this an invasion of privacy, it can be helpful in presenting relevant material immediately, sparing the user the task of searching for it.

Confidentiality is a problem that concerns not only browser users but also webmasters and network administrators, because it affects the actual transmission of information over the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication on the Internet. When it was designed, security was not the most critical factor. Neither network nor Internet transmissions should therefore be assumed to be confidential. When the browser on a local machine downloads a sensitive document from a remote Web server, or the browser user completes a form with personal data and clicks the 'Submit' button, the transmitted information can be intercepted without authorisation.
