Website security

This 'website security' article is supplied by Web Site Security, where you can find more information about website security.

Understanding Website Security Issues



Unfortunately, there are many ways in which website security can be jeopardized. Ever-present security hazards can affect Web servers, the LANs (local area networks) on which websites are hosted, and even the conventional use of a Web browser.

Web Masters shoulder the responsibility for coping with these critical challenges. As soon as a Web server is set up at a site, a window is opened into the local area network through which anyone using the Internet can look. On the whole, website visitors see no more than what they are supposed to see, but a minority make an effort to discover parts of the site that are not meant to be visible to everyone. Malicious visitors want to do more than look; they try to unfasten the window and slip through it. The harm intruders can inflict might be mere vandalism, for instance replacing the website's home page with one of their own that could say or display anything, or it might be theft, such as taking a contacts or sales list.

It is hard to avoid the likelihood that complex software includes bugs. No matter how thoroughly it is tested, there is as a rule some pattern of events or user actions, however infrequent, that brings about a fault. Software bugs create holes in system security. A Web server is complex software that may very possibly contain a security hole.

It's not only the complexity of a Web server which may trigger a problem, but also its open architecture. Consider a CGI script as an example. A CGI script can be executed at the server in response to a remote call from a client. It might be a request from an application or even the click of a button in a browser. If the CGI script contains a bug, there may be a possibility of a security violation.
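A constructed illustration of the kind of CGI bug described above, added here and not part of the original article: a script that maps a client-supplied `page` parameter to a file, first without checking it and then confined to the published directory. The function names, the `page` parameter and the file layout are all hypothetical.

```python
import os
import tempfile
from urllib.parse import parse_qs

def requested_name(query_string):
    """Extract the 'page' parameter a CGI script would read from QUERY_STRING."""
    values = parse_qs(query_string).get("page", [])
    return values[0] if values else ""

def resolve_unsafe(doc_root, name):
    """Buggy version: trusts the client-supplied name completely."""
    return os.path.join(doc_root, name)

def resolve_safe(doc_root, name):
    """Hardened version: return a path only if it stays inside doc_root."""
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        return None  # request resolved outside the published directory
    if not os.path.isfile(candidate):
        return None  # nothing to serve
    return candidate

def demo():
    """Build a constructed site layout and compare both resolvers."""
    with tempfile.TemporaryDirectory() as base:
        public = os.path.join(base, "public")
        os.mkdir(public)
        with open(os.path.join(public, "index.html"), "w") as f:
            f.write("<h1>home</h1>")
        # Constructed private file that sits outside the published directory.
        with open(os.path.join(base, "sales_list.csv"), "w") as f:
            f.write("constructed,private,data\n")
        results = {}
        for qs in ("page=index.html", "page=../sales_list.csv"):
            name = requested_name(qs)
            unsafe_hit = os.path.isfile(resolve_unsafe(public, name))
            safe_hit = resolve_safe(public, name) is not None
            results[qs] = (unsafe_hit, safe_hit)
        return results

if __name__ == "__main__":
    for query, (unsafe_hit, safe_hit) in demo().items():
        print(f"{query!r}: unchecked serves={unsafe_hit} confined serves={safe_hit}")
```

The unchecked resolver finds both files, while the confined one serves only the file inside the published directory.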

Network Administrators also face problems from Web servers because of the risk they pose to the security of the local area network. Though there should be no unauthorized intrusions, access has to be given to website visitors. This means that access to the network must be regulated. The Administrator therefore has to perform a delicate balancing act. Even the most robust firewall can be compromised if the Web server is configured badly. Conversely, normal use of the website may be impossible if the firewall is configured poorly. Achieving the right balance is more difficult still if an intranet forms part of the system. Typically, the Web server in that case must be configured to distinguish and authenticate domains and user groups, which are likely to have varying permission levels and access privileges.


Nearly all people using a browser to surf the Internet believe that they are doing so privately and safely. That is not correct. Web browsers can run programs on the user's machine that are supplied by a website. Modern browsers display a notice and ask for consent before running such programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, might easily deposit a virus or other dangerous software on the browser user's computer. Once it is in the system it can cause all kinds of damage and may be very difficult to eradicate.

This is also a worry for Network Administrators. Web browsers afford a way for potentially malicious software to pass through the local area network's firewall. Once it is in the network, the harm it could inflict can range from secretly taking confidential data to pointless destruction.

Aside from the matter of active content, just surfing the Internet records a trail of the user's activities in the browser's history. This could be used by websites and installed software to build an exact report of the user's behavior and interests. Though some may regard this as an invasion of privacy, it can also be useful: pertinent content is displayed without delay, sparing the user the task of trying to find it.

Confidentiality during the actual transmission of data via the Internet is a matter that worries not just browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was designed, security was not the most crucial feature of its blueprint. Both network and Internet transmissions should therefore not be thought of as necessarily confidential. When the browser on a local computer downloads a confidential file from the remote Web server, or the browser user fills out a form with confidential information and clicks the 'Submit' button, the transmitted information could be intercepted without authorization.
