Website security watch

This 'website security watch' article is supplied by Web Site Security, where you can find more information about website security watch.

An Understanding of Web Site Security Issues



An unfortunate fact is that there are numerous ways in which web site security can be adversely affected. Security hazards affect the Web servers and the LANs (local area networks) on which websites reside, and some arise even from the regular use of a Web browser.

Web Masters shoulder the responsibility when dealing with the gravest risks. As soon as a Web server is set up at a site, a window is opened in the local area network through which anyone using the Internet can peek. On the whole, website visitors look only at what they are supposed to see, but a minority attempt to discover areas of the site that aren't meant to be visible to the public. Malicious visitors want to do more than merely look; they try to unlock the window and slip in. The harm intruders cause might be sheer vandalism, for example replacing the web site's home page with one of their own, which might say or show absolutely anything, or it might be theft, such as appropriating a contacts or orders list.

It's difficult to avoid the likelihood that complex software has bugs. Regardless of how systematically it's tested, there will often be some combination of events or user actions, however rarely it arises, which causes a fault. Software bugs give rise to breaches in system security. A Web server is complex software that may quite easily contain a security weakness.

It's not just the complexity of a Web server which can trigger a problem, but also its open architecture. Consider a CGI script as a case in point. A CGI script is executed at the server in response to a remote call from a client. The call could be a request from a program or even the click of a button in a browser. If the CGI script has a bug, there will be a chance of a security breach.

Network Administrators also have to tackle problems from Web servers owing to the risk they pose to the security of the local area network. Though there should be no unauthorised incursions, access has to be given to website visitors. This means that access to the network must be controlled. The Administrator therefore must perform a delicate balancing act. Even the most robust firewall can be compromised if the Web server is configured badly. Equally, normal use of the website can become impossible if the firewall is configured badly. Reaching a perfect answer is even trickier if an intranet is part of the system. Typically, the Web server then has to be configured to identify and validate domains and user groups, which are likely to have differing permission levels and access rights.


Nearly all people using a browser to surf the Internet assume that they are doing so anonymously and safely. This is not the case. Web browsers can execute, on the local computer, programs that are hosted on a website. Current browsers show a caution and request permission to run such programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily leave a virus or other dangerous software on the browser user's machine. Once it is in the system, it can cause all kinds of damage and may be extremely difficult to remove.

This is also a worry for Network Administrators. Web browsers present a path for possibly malicious software to pass all the way through the local area network's firewall. Once it is in the system, the damage it may inflict can vary from secretly appropriating private information to wilful destruction.

Besides the problems surrounding active content, merely browsing the Net records a trail of the user's activities in the browser's history. This might be used by websites and installed software programs to build a precise profile of the user's behavior and preferences. While this may be considered an invasion of privacy by some, it can be useful by offering relevant subject matter directly, thus relieving the user of the task of looking for it.

Confidentiality during the actual transmission of information over the Web is a concern not just for browser users but also for Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Net. When it was designed, security was not the principal consideration. Both network and Internet transmissions should therefore not be considered inherently confidential. When the browser on a local PC downloads a sensitive document from the remote Web server, or the browser user fills in a form with personal data and clicks the 'Submit' button, the transmitted information can be intercepted without authorisation.
