securitywing

Webhosting Security-Best Practices and Concerns

by

To many IT professionals, webhosting security means protecting websites from hackers and malicious codes. But most of the time we forget to consider that  websites security depends on a number of components such  as server , application , database, scripts etc. One of the most important aspects of webhost security is to ensure continuous operation and disaster recovery of web services. This post aims to develop a broader picture that can help you to take necessary steps to ensure your sites continuous operation.

Hosting environment

  • Security of the operations system
  • Web server security
  • Application security
  • Coding security

Depending on your needs, you may go for  cloud, VPS, dedicated or even shared webhosting. Among all these types of webhosting solutions, shared webhosting is considered as the most unsecure because  in a shared environment, a single server hosts   several hundred websites.When a  single customer ‘s account gets compromised, all other websites in that server also become more vulnerable to get compromised. Moreover, in a shared environment all users use the same database, making  all the sites using that database prone to database related vulnerablities.

Apart from choosing the right webhosting environment, you need to make sure  whether the service provider secures the operating system and at what extent. Make sure your host has the capabilities to fight againt Denial of service attacks and have intrusion detection system installed in their network. Most of the dynamic websites use server site languages such as PHP, Perl, and Python, which have their well-known vulnerabilities. Webmasters love to have thier own email address and because of that many host offer free email application to their customers. Before  using your own email system, make sure the location of the email applicaitons. Your websites will be more secure if you host your email application in a seperate server.

Therefore, if you are  a  looking for a webhositng solution for  new site and cannot decide which type of webhosting solution will be right for you,  you need to keep in mind the you need to choose a host who offers  application, network  and server level security. Furthermore, you can ask  the following things questions to your host:

  • Whether the network and server can defend ad DODS attack.
  • Whether you have application layer firewall in the server.
  • Intrusion detection and prevention system in the webhost.

Reliability

Hosting reliability comes into play  when your website attracts millions of visitors every month or every year.Just like everything else in this world, hardware also has its own limitation. You never know when and how your server’s hardware is going to fail. Remember that your  hardware is prone to fail whether you are using a normal PC graded hardware or enterprise class hardware. To ensure that your websites always stay operational, you need to consider using hot/standby  hosting server. When it comes to relaiablity, cloud hosting is considered both realiable and cost-effective. Despites having some advantages, cloud is not 100% reliable when it comes to data privacy. It has its own drawbacks. For further information on cloud security,  you can read cloud privacy issues.

The next step after ensuring availability of web server is to make sure that your seraver can share load druing heavy traffic demand. When your site will experience traffic surge, you need to have enough resources to continue serving  high number of user request per second. So, consult with your webhost whether they have any plan for load balancing. If you are only concerned about loads sharing and do not have much requirements for data privacy, then you can consider cloud webhosting since they are  both cost-effective and efficient solution to cope with increasing traffic.

Protection against malicious attacks

Before buying a webhosting solution, ask your provider about their plan to protect the webserver against virus, other malicious codes and advanced hacking techniques. Ask them about their action plan if you discover that your site has been compromised. Also, make sure if your host conducts regular security audit to their servers.

Physical Security

Discuss with your host about the physical security of your server in their data center.  Can they ensure that no outsider have access to your server? Do they provide full power backup during blackout because of natural disasters such as floods or stroms?

Backup

A backup plan can be on-site,off-site, cloud backup or a combination fo any of the three.  You can keep a local copy of your website and database with you, which will always give you the complacency of having the last mile solution.  Having a local copy is good solution when the size of your site is  fairly small such as several hundred megabytes. Having a local and online backup creates problem when your site is extremely large, having several GB or even several terabytes. Having a separate backup server in the service provider’s premise is always efficient, but it does not help to restore your site if natural disaster hits the datacenter. Thus, having copy of your site in several geographical locations is a wise choice.

When planning backup plan, you need to consider how data will be stored in backup media. Will they be encrypted or they will stay it plain format. Also, determine how critical your data are. Can you feel safe to keep a copy of your e-commerce data with a little know online backup service provider?

Access control

Managing a webserver and managing a website is not the same thing. Though some webmasters are expert in managing webservers, there are many who  delegate server administrative responsibilities to someone else. For managing your server, you may either choose your host or you may hire someone or you can do it on your own. If someone else is responsible for your web serger maintenance, always make sure how your server administrators are accountable to you and how you authorize the maintenance and management activities.

No webhost is 100% secure. But you always have the opportunity to enhance your security measures to narrow the probability of compromise and the other forms security breaches such as social engineering.

 

Related Posts:

Syras is a telecommunication and IT security professional with over 10 years of experience in this field. He has been running his personal blog Securitywing.com since 2010. He has the following certifications:

  • CISA(Certified Information Systems Auditor)
  • CCNP(Cisco Certified Network Professional)
  • Prince2( Project Management)
  • Machine Learning

 

Copyrights

Protected by Copyscape Duplicate Content Detection Software

Securitywing.com reserves the copyrights of all of its published articles.No contents of this site is permitted to be published to anywhere else in the Internet.If any contents are found in any other websites, securitywing reserves the rights to file a DMCA complaint. But you have the right to use the link of any relevant article of this site to point from your website if you consider that it might improve the quality of your article.

Tags

audit AWS backup basics browser check cisco cloud computer configuration data database email encryption firewall gmail hsrp ids iis informaiton internet it linux load balancing malware microsoft network protection redundancy risk router security security tips server SSL switch test tools vpn vrrp web webserver website windows wordpress