Mar 18

Properly managing your online business can be a fairly difficult task, especially if you are in charge of all of the administrative tasks that go along with it. Different hosting accounts give you differing amounts of responsibility for your website, so if you use a hosting account that comes with complete control over your web server, keep in mind that this control comes with plenty of responsibility. Your primary responsibility is to keep your customers satisfied, which means you are going to need to make sure your site is easy to use and appealing to the eye. However, customer satisfaction is also achieved by maintaining the reliability of your website. One of the most common yet fixable problems in eCommerce is site downtime.

What is Site Down Time?

Site downtime is when your site goes down and is offline for a while due to server problems. Downtime can result from a variety of internal errors, and sometimes it is just caused by routine server administration such as server resets. Usually your web hosting company will do their best to reset the server in the middle of the night to make sure there is minimal loss of service; however, sometimes the server may crash for other reasons. If you are running on a private server, then you can ensure a minimal amount of downtime by maintaining the server correctly. While some downtime can be explained by routine server problems, other cases cannot be dismissed so easily. In many cases downtime can be attributed to the malicious intent of another individual or to a security breach such as a virus. To prevent such an occurrence you need to adhere to the following information.

Server Firewalls

One of the best ways to protect your web server from security breaches is to set up a competent firewall. Most web hosting companies offer firewalls by default; however, many of them are configured with certain security loopholes that can be exploited by a knowledgeable hacker. If you want your site to be completely secure, then you may want to use your own powerful firewall, or make a few adjustments to the current firewall. If you are not familiar with the process of securing a server properly using a firewall, then you may need to seek the assistance of a qualified internet security specialist. With a good firewall you should be able to block IP addresses and restrict certain kinds of traffic to prevent spam attacks. You should also have adequate protection against site intrusion.

Distributed Denial of Service (DDoS) Attacks

One of the most common and detrimental attacks on a server is called a DDoS attack. This kind of attack is simple in nature, yet can be very difficult to prevent. We mention this attack because it is responsible for a lot of downtime on many sites. Sometimes even professional competitors will attack your site using this method simply to bring your site down for a certain period of time. The DDoS attack works because the perpetrator floods a site with a ridiculous amount of traffic in a short period of time, causing the server to shut down due to internal server limits. When this happens many websites can go down at once, causing an even more difficult situation to resolve. Before you purchase a plan from a hosting company, make sure you inquire about their ability to deal with such attacks.

Feb 26

Choosing an eCommerce web hosting plan can be a very difficult process, especially when one considers all of the aspects that need to be taken into consideration before an informed decision can be made. Perhaps even more difficult than selecting an eCommerce hosting plan is actually going through the process of becoming acquainted with the hosting account once you have purchased it.

With so many modules and options, it can be difficult to keep your mind on the important issues, such as business expansion and security. The latter of these, security, may be the single most important factor in creating any business website.

What is an SSL Certificate?

An SSL (Secure Sockets Layer) certificate is essentially a certificate that is placed on your website that lets your visitors know that your site is in compliance with the SSL protocol. SSL is a secure method of data transfer that ensures that any information sent to and from a website is encrypted and protected from third-party interception. Even more important than the actual security of a website is the trust and confidence that visitors place in the security of that website. You can have the most secure website in the world; however, if your visitors are not aware of the security measures you employ, then they are likely to assume your site is insecure.

Do I Absolutely Need an SSL Certificate?

A website without an SSL certificate will undoubtedly be seen in this light by many of its more knowledgeable visitors, and therefore will ultimately suffer in terms of sales volume. To prevent this from happening, you’ll need to make sure you not only have all of the proper security measures in place, but that you also make this information readily available in your site’s privacy policy and on all checkout pages. If you’re running a site that does not directly process payments or other critical data that contains financial or personal information, then you will not necessarily need an SSL certificate. However, if you are operating an eCommerce site that sells items and processes payments, then an SSL certificate is absolutely crucial to the success and sustenance of your online business.

Obtaining an SSL Certificate

There are several methods that can be used to obtain an SSL certificate. In some cases, your web hosting provider will offer the SSL certificate as an included feature with a hosting plan. In fact, many web hosting companies do offer SSL certificates along with their standard eCommerce plans. If you are planning on operating several eCommerce websites, then you’ll need to make sure you have an IP address for each of these sites. This is important to note, as many web hosting companies do not allow you to have multiple IP addresses per hosting account. In most cases you’ll need to buy a separate hosting account for each eCommerce site. Although this may be slightly time consuming, it will help you offer a secure website for your visitors.

Feb 22

The single most important feature a web hosting plan can have is a good encryption service. Without proper data encryption, all of the information sent to and from your website can be intercepted by hackers and other cyber criminals. If you run an online business, this can prove to be especially dangerous, as there is important information being transferred on your web server daily, including credit card numbers, bank account numbers, addresses, phone numbers and other information that your customers entrust to you. If this information is intercepted you may be held liable, and ultimately your business could be dismantled.

What is Encryption?

Encryption is the transformation of plain information into encrypted information which cannot be viewed by an outsider without a special key that unlocks the encryption. When data transfers through an encryption service it is scrambled in a seemingly arbitrary fashion. By the time it reaches the other side of the portal, the data is completely unrecognizable and cannot be used by any third party without the key that is custom generated during the encryption process. The encryption service uses a computer algorithm to create a random cipher which prevents hackers from accessing the encrypted information. Many people also use the term decryption to refer to the process of deciphering the information so that the end user can use it. Over the years the standards for encryption have changed notably.

WEP

WEP (Wired Equivalent Privacy) is a deprecated algorithm that was intended to secure IEEE 802.11 wireless networks. Since wireless networks broadcast their messages using radio waves, they are more susceptible to intruders than conventional wired networks. When it was first released, WEP was meant to provide confidentiality comparable to that of a conventional wired network. However, in 200 various crucial weaknesses were noticed by professional cryptanalysts, and it is now a widely accepted fact that a WEP connection can be hacked with easily obtainable software in a very short time period.

WPA

In response to the aforementioned weaknesses of WEP, WPA was created.

WPA/WPA2 (Wi-Fi Protected Access) is a certification program developed by the Wi-Fi Alliance to indicate complete compliance with the security protocols established by the Wi-Fi Alliance. These protocols are specifically designed to maintain safety in all wireless networks. The WPA protocol enables safe functionality of the IEEE 802.11i standard, but was initially meant to be an intermediate security measure to temporarily substitute for WEP while 802.11i was being prepared. The later-developed WPA2 established an advanced protocol that is now seen as the full standard in data encryption.

Conclusion

Having the proper encryption services to protect your website is absolutely imperative, especially when running an online business. Knowing the nature of encryption services and what the industry standard is will help you make the right decision without having to experience costly trial-and-error mishaps. Using only the best encryption services will keep your business from suffering, and will prevent you and your customers from being victimized.

Feb 15

Most of the security risks on the internet today are the result of faulty programming and exploitable code. Many developers do not place security high on their list of priorities, as they’re often rushed to meet deadlines in order to finish a paid project. Sadly, most of the security flaws within their programs are not discovered until the flaw has been exploited and the program is the cause of a compromised site or network. Of all the programming types, PHP is the most common, and is said to be the most useful. PHP is also easier to use than any other programming tool, and as the popularity of PHP programming increases, more new programmers are becoming interested in using PHP. This influx of inexperienced programmers designing web applications has resulted in an internet full of unsafe websites.

Web Applications and Security

Web applications enhance the functionality and productivity of websites in a variety of ways, and have therefore become very popular amongst website owners. Unfortunately, website owners don’t realize how much of a risk they’re taking by installing and using these applications. Web applications are installed directly into your control panel, which makes them part of your administrative interface. If a hacker can gain access to your user interface, they can basically do whatever they’d like with your website, including deface it with questionable or inappropriate content. In fact, some web applications are designed by hackers specifically for this purpose. Before you install a web application you should make sure it is from a reliable source, and only install applications that are absolutely necessary for the progress of your site. If possible, try to work with professional developers to have your own web applications made.

Brute Force

Another way hackers can gain access to your administrative interface is by sending requests to your website’s server repeatedly in order to receive certain information. Many times this information will be something as simple as a password or nickname. They use the information returned to see if they’re guessing the right password without having to wait for a long time. This method is incorporated into hacking programs called brute-force programs. These programs repeatedly input information into your site’s login fields in order to guess a correct username and password.

Since the process is done remotely, the hacker will need to know when they have successfully logged in to the account in order for the program to stop sending information. If they fail to realize they are logged in, then the program will continue sending login information, which will reverse their success. Hackers avoid this pitfall by getting your site to send them a line of code when they have successfully penetrated the user area of the site. To prevent this from happening you’ll need to change a few settings in your administrative interface to restrict HTTP requests from unknown sources. You can also limit the number of requests allowed within a certain time frame, to stop the brute-force program from receiving information from your website repeatedly.
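The request limit described above can be sketched as a sliding-window throttle on failed logins. This is an added example, not code from the original post; the class name, the thresholds (5 failures per 300 seconds) and the sample events are assumptions, and the IP addresses are constructed from documentation ranges.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limit on failed logins, tracked per client IP and per username."""

    def __init__(self, max_failures=5, window_s=300):
        self.max_failures = max_failures
        self.window_s = window_s
        self._fails = defaultdict(deque)  # key -> timestamps of recent failures

    def _recent(self, key, now):
        q = self._fails.get(key)
        if not q:
            return 0
        while q and now - q[0] >= self.window_s:
            q.popleft()  # forget failures that have aged out of the window
        return len(q)

    def is_blocked(self, ip, user, now):
        return (self._recent(("ip", ip), now) >= self.max_failures
                or self._recent(("user", user.lower()), now) >= self.max_failures)

    def record_failure(self, ip, user, now):
        self._fails[("ip", ip)].append(now)
        self._fails[("user", user.lower())].append(now)

def replay(events, throttle):
    """events: (timestamp_s, ip, user, password_ok). Returns one decision per event."""
    decisions = []
    for ts, ip, user, password_ok in events:
        if throttle.is_blocked(ip, user, ts):
            # Rejected before the password is checked, so even a correct
            # guess gets the same answer as a wrong one.
            decisions.append("throttled")
        elif password_ok:
            decisions.append("ok")
        else:
            throttle.record_failure(ip, user, ts)
            decisions.append("denied")
    return decisions

# Constructed sample: one client guessing the admin password once per second,
# then logins from a second client.
SAMPLE_EVENTS = (
    [(t, "203.0.113.7", "admin", False) for t in range(6)]
    + [(6, "203.0.113.7", "admin", True),      # correct guess, but already throttled
       (10, "198.51.100.20", "alice", True),   # unrelated user is unaffected
       (20, "198.51.100.20", "admin", True),   # real admin is locked out too
       (400, "198.51.100.20", "admin", True)]  # window has expired
)

if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS, LoginThrottle())):
        print(event, "->", decision)
```

The per-username counter stops guessing that is spread over many addresses, but as the event at t=20 shows, it also locks out the legitimate account owner until the window expires.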

Feb 10

As of the last quarter in 2009 it is illegal in Austin, Texas to post messages on social networking sites using a name other than your own (impersonating) with the intent to harm, defraud, intimidate or threaten.  In fact, it is now considered to be a third-degree felony.  This law is seeing quite a bit of favor from the Austin police as the department has been on the receiving end of a number of impersonations and attacks.  On the surface, this seems to be a law that is easy to understand and implement.  However, digging a bit deeper will show how this may not be as simple as we think.

Defining

Part of the problem with proving the intent lies in the definitions of harm and intimidate. Harm is defined as physical injury or mental damage. Physical injuries are simple enough to prove. It’s not so easy when it comes to proving mental damage – mental damage to one person may simply be an annoyance to another. Intimidation is another difficult concept to pinpoint. The truest definition is to make timid or to fill with fear. Again, we’re left with wide interpretations of what causes fear for one person and not another. Some very clear definitions should be put into place in order to keep frivolous lawsuits from happening. With very broad definitions, one could easily state that grievous mental harm was caused when in reality all that occurred was some minor annoyance, and since intimidation is very personal, just about anyone could claim they were filled with fear as a result of a faked posting.

Tracking

The next issue with this new law is the cost that could be involved in tracking the imposter.  There are hundreds upon thousands of programs available to the average internet user allowing him or her to fake his or her IP address, route through one of many proxies and generally make their digital path a lot more hidden and harder to track than one might expect.  And it’s even easier to just use a public connection at one of the local hot spots to do whatever anonymous and possibly nefarious things you wish to do.  With all the anonymity tools at the user’s disposal, how much money would be spent purely in the act of attempting to track the supposed criminal?  Will this sort of tracing be left to the owner of the web site or will a third party become involved?  And if a web site owner is considered responsible for this sort of activity, how will they need to protect themselves from possible legal action?

Broader implications

And where will it stop? This sort of law inevitably leads to broader issues. What is to stop the creation of a law where it simply is illegal to post information with the intent of harming, defrauding, intimidating or threatening another individual, even when the poster is not anonymous or posing as another? Case in point, Perez Hilton. Notorious for his scathing “reporting” of many celebrities in their not so great moments, postings by this man could be considered by many to be mentally harmful and threatening on many levels. It’s all left up to the individual’s personal definition of harm and how it applies specifically to them.

Final Thoughts

Simply put, the more effective law would have been to make it illegal to impersonate another online, period.  Just as it is illegal to impersonate any official in “real life”, so should it be on the internet.  The way the law stands now, the monetary costs may be prohibitive and the frivolous suits to come may prove more than what the law originally intended.