To many IT professionals, webhosting security means protecting websites from hackers and malicious code. But most of the time we forget that website security depends on a number of components: the server, the application, the database, the scripts and so on. One of the most important aspects of webhost security is ensuring continuous operation and disaster recovery of web services. This post aims to develop a broader picture that can help you take the steps needed to keep your site running.
Hosting environment
- Security of the operating system
- Web server security
- Application security
- Code security
Depending on your needs, you may go for cloud, VPS, dedicated or even shared webhosting. Among all these types of webhosting, shared hosting is considered the least secure, because in a shared environment a single server hosts several hundred websites. When a single customer's account gets compromised, every other website on that server becomes more vulnerable to compromise as well. Moreover, in a shared environment all users share the same database server, so every site that uses it is exposed to database-related vulnerabilities.
Apart from choosing the right webhosting environment, you need to find out whether the service provider secures the operating system, and to what extent. Make sure your host has the capability to fight denial-of-service attacks and has an intrusion detection system installed in its network. Most dynamic websites use server-side languages such as PHP, Perl and Python, each of which has its own well-known vulnerabilities. Webmasters love to have their own email addresses, and because of that many hosts offer a free email application to their customers. Before using such an email system, find out where the email application is hosted. Your websites will be more secure if the email application runs on a separate server.
Therefore, if you are looking for a webhosting solution for a new site and cannot decide which type is right for you, keep in mind that you need a host who offers application-, network- and server-level security. Furthermore, you can ask your host the following questions:
- Whether the network and server can defend against a DDoS attack.
- Whether there is an application-layer firewall on the server.
- Whether an intrusion detection and prevention system is deployed in the host's network.
Reliability
Hosting reliability comes into play when your website attracts millions of visitors every month or every year. Just like everything else in this world, hardware has its limits. You never know when and how your server's hardware is going to fail. Remember that hardware is prone to failure whether you are using normal PC-grade hardware or enterprise-class hardware. To ensure that your websites always stay operational, you need to consider using a hot standby server. When it comes to reliability, cloud hosting is considered both reliable and cost-effective. Despite these advantages, the cloud is not 100% reliable when it comes to data privacy; it has its own drawbacks. For further information on cloud security, you can read cloud privacy issues.
The next step after ensuring availability of the web server is to make sure that your server can share load during periods of heavy traffic. When your site experiences a traffic surge, you need enough resources to keep serving a high number of user requests per second. So, consult your webhost about whether they have a plan for load balancing. If you are only concerned about load sharing and do not have strict data privacy requirements, then you can consider cloud webhosting, since it is both a cost-effective and an efficient solution for coping with increasing traffic.
Protection against malicious attacks
Before buying a webhosting solution, ask your provider about their plan to protect the web server against viruses, other malicious code and advanced hacking techniques. Ask them about their action plan if you discover that your site has been compromised. Also, find out whether your host conducts regular security audits of their servers.
Physical Security
Discuss with your host the physical security of your server in their data center. Can they ensure that no outsider has access to your server? Do they provide full power backup during a blackout caused by a natural disaster such as a flood or storm?
Backup
A backup plan can be on-site, off-site, cloud backup or a combination of any of the three. You can keep a local copy of your website and database with you, which will always give you the reassurance of having a last-mile solution. Having a local copy is a good solution when the size of your site is fairly small, such as several hundred megabytes. Keeping both a local and an online backup becomes a problem when your site is extremely large, at several gigabytes or even several terabytes. Having a separate backup server on the service provider's premises is always efficient, but it does not help you restore your site if a natural disaster hits the datacenter. Thus, keeping copies of your site in several geographical locations is a wise choice.
When planning a backup, you need to consider how the data will be stored on the backup media. Will it be encrypted, or will it stay in plain format? Also, determine how critical your data is. Can you feel safe keeping a copy of your e-commerce data with a little-known online backup service provider?
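As an added illustration of the backup points above (not part of the original post), here is a Python script that packs the site files and database dump into one archive, records a SHA-256 hash and a keyed HMAC for it, writes the copy to several locations, and verifies each copy before trusting it for a restore. The directory names, sample file contents and the HMAC key are all constructed for the demo; the HMAC key must live somewhere other than the web server and the backup provider, otherwise whoever tampers with the copy can re-sign it.

```python
import hashlib
import hmac
import io
import shutil
import tarfile
import tempfile
from pathlib import Path

# Constructed sample content standing in for the site tree and a database dump.
SAMPLE_SITE = {"public_html/index.php": b"<?php echo 'hello'; ?>\n",
               "db/site.sql": b"CREATE TABLE users (id INT);\n"}

def build_archive(site: dict) -> bytes:
    """Pack site files and the DB dump into one in-memory tar.gz."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in sorted(site.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def seal(archive: bytes, key: bytes) -> dict:
    """Manifest kept apart from the copies: SHA-256 plus a keyed HMAC tag."""
    return {"sha256": hashlib.sha256(archive).hexdigest(),
            "hmac": hmac.new(key, archive, "sha256").hexdigest()}

def replicate(archive: bytes, destinations: list) -> list:
    """Write the same archive to every location (on-site, off-site, cloud)."""
    paths = []
    for dest in destinations:
        dest.mkdir(parents=True, exist_ok=True)
        paths.append(dest / "site-backup.tar.gz")
        paths[-1].write_bytes(archive)
    return paths

def verify(path: Path, manifest: dict, key: bytes) -> bool:
    """Restore check: a copy is usable only if both hash and HMAC still match."""
    data = path.read_bytes()
    tag = hmac.new(key, data, "sha256").hexdigest()
    return (hashlib.sha256(data).hexdigest() == manifest["sha256"]
            and hmac.compare_digest(tag, manifest["hmac"]))

def run_demo() -> dict:
    """Back up to three locations, corrupt one copy, report which copies verify."""
    root = Path(tempfile.mkdtemp())
    key = b"constructed-demo-key-keep-real-keys-off-the-web-host"
    archive = build_archive(SAMPLE_SITE)
    manifest = seal(archive, key)
    copies = replicate(archive, [root / "onsite", root / "offsite", root / "cloud"])
    copies[2].write_bytes(archive[:-1] + bytes([archive[-1] ^ 0x01]))  # flip a bit
    results = {p.parent.name: verify(p, manifest, key) for p in copies}
    shutil.rmtree(root)
    return results
```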
Access control
Managing a web server and managing a website are not the same thing. Though some webmasters are experts in managing web servers, many delegate server administration to someone else. To manage your server, you may choose your host, hire someone, or do it on your own. If someone else is responsible for your web server maintenance, always establish how your server administrators are accountable to you and how you authorize their maintenance and management activities.
No webhost is 100% secure. But you always have the opportunity to strengthen your security measures and narrow the probability of compromise and of other forms of security breach, such as social engineering.