Although reliable web hosting providers make it a priority to secure their networks and the hosting environments of their customers, it is still advisable to take it upon yourself to make sure your website is secure. If you have no idea of where to start, use this checklist as your guide to preventing a security disaster
Managed Your Site Over Encrypted Connections
Utilizing weak or completely unencrypted connections such as FTP or HTTP to maintain your website makes you quite susceptible to password sniffing and man-in-the-middle exploits. Therefore, you should make it a habit to use proven encrypted protocols like SSH to securely access resources and transmit data. If you don’t, someone can easily access your website and enjoy all the same privileges as yourself.
Consider Stronger, Cross-platform Encryption
While many do not realize it, SSL (Secure Sockets Layer) is no longer the powerful, impenetrable encryption protocol it used to be. This is why you should consider looking into Transport Layer Security or TLS, the successor to SSL encryption. Whatever protocol you choose, make sure it does not unnecessarily limit your user base like many proprietary-specific platforms have been known to do. This could result in a resistance to use secure encryption mechanisms for those who need access to your site, especially those who require access on the back-end.
Only Make Connections from a Secure Network
Try to avoid making connections from networks that have unspecified security characteristics or those that are known for inadequate security such as the open wireless access at the local coffee shop. This is extremely important whenever you have a need to log into your server for administrative purposes or to access vital resources. If you absolutely must access your web server or site via an unsecured network, be sure to use a secure proxy so the connection to your destination is at least originating from a proxy on a secure network. This can be done utilizing either an OpenSSH or PuTTY secure proxy.
Favor Key-based Authentication Instead of Password Authentication
Though it certainly provides some level of protection, password authentication has proven to be much easier to crack than key-based authentication. The goal of a password is make it easier to recall login details and access secure website resources. However, key-based authentication is more secure because if you create a single encryption key and keep it separate from the authorized system until needed, you will have stronger authentication credentials that are far more difficult to crack.
Never Share Login Credentials
Though convenient, sharing login credentials can lead to a number of security issues. This is something that should not only be stressed to your system administrator or webmaster, but also every user that has login credentials to access your site. Sharing such sensitive information only widens the probability of those credentials being exposed to malicious parties you don’t want anywhere near the fragile elements of your site. The more these details are shared, the harder it becomes to create a trail that allows you to pinpoint the source of the problem. To prevent this, enforce a no sharing policy and stick to it.
October 6th, 2009 at 3:11 pm
very goog thank you
October 6th, 2009 at 4:05 pm
very nice gread article thanks
October 6th, 2009 at 5:01 pm
thank you for share
October 6th, 2009 at 6:55 pm
eline sa?l?k süper sin
October 6th, 2009 at 7:51 pm
very nice gread article thanks
December 5th, 2009 at 11:27 pm
Very informative posts and stories here. Much appreciated!
January 10th, 2010 at 1:41 pm
Very informative posts and stories here. Much appreciated!