Feb 22

The single most important feature a web hosting plan can have is a good encryption service. Without proper data encryption, all of the information sent to and from your website can be intercepted by hackers and other cyber criminals. If you run an online business, this can prove to be especially dangerous, as there is important information being transferred on your web server daily, including credit card numbers, bank account numbers, addresses, phone numbers and other information that your customers entrust to you. If this information is intercepted you may be held liable, and ultimately your business could be dismantled.

What is Encryption?

Encryption is the transformation of plain information into encrypted information which cannot be viewed by an outsider without a special key that unlocks the encryption. When data transfers through an encryption service it is scrambled in a seemingly arbitrary fashion. By the time it reaches the other side of the portal, the data is completely unrecognizable and cannot be used by any third party without the key that is custom generated during the encryption process. The encryption service uses a computer algorithm to create a random cipher which prevents hackers from accessing the encrypted information. Many people also use the term decryption to refer to the process of deciphering the information so that the end user can use it. Over the years the standards for encryption have changed notably.

WEP

WEP (Wired Equivalent Privacy) is a deprecated algorithm for securing IEEE 802.11 wireless networks. Since wireless networks broadcast their messages using radio waves, they are susceptible to intruders, even more so than conventional wired networks. When it was first released, WEP was intended to provide confidentiality similar to that of a conventional wired network. However, in 200 various crucial weaknesses were noticed by professional cryptanalysts, and it is now a widely accepted fact that a WEP connection can be hacked with easily obtainable software in a very short time period.

WPA

In response to the aforementioned weaknesses of WEP, WPA was created.

WPA/WPA2 (Wi-Fi Protected Access) is a certification program developed by the Wi-Fi Alliance to indicate compliance with the security protocols created by the Wi-Fi Alliance. These protocols are specifically designed to maintain safety in all wireless networks. The WPA protocol enables the safe functionality of the IEEE 802.11i standard, but was initially meant to be an intermediate security measure to temporarily substitute for WEP while 802.11i was being prepared. The later developed WPA2 established an advanced protocol that is now seen as the full standard in data encryption.

Conclusion

Having the proper encryption services to protect your website is absolutely imperative, especially when running an online business. Knowing the nature of encryption services and what the industry standard is will help you make the right decision without having to experience costly trial and error mishaps. Using only the best encryption services will keep your business from suffering, and will prevent you and your customers from being victimized.

Feb 15

Most of the security risks on the internet today are the result of faulty programming and exploitable code. Many developers do not place security high on their list of priorities, as they’re often rushed for deadlines that they must meet in order to finish a paid project. Sadly, most of the security flaws within their programs are not discovered until the flaw has been exploited and the program is the cause of a compromised site or network. Of all the programming types, PHP is the most common, and is said to be the most useful. PHP is also easier to use than any other programming tool, and as the popularity of PHP programming increases, more new programmers are becoming interested in using PHP. This influx of inexperienced programmers designing web applications has resulted in an internet full of unsafe websites.

Web Applications and Security

Web applications enhance the functionality and productivity of websites in a variety of ways, and have therefore become very popular amongst website owners. Unfortunately, website owners don’t realize how much of a risk they’re taking by installing and using these applications. Web applications are installed directly into your control panel, which makes them part of your administrative interface. If a hacker can gain access to your user interface, they can basically do whatever they’d like with your website, including deface it with questionable or inappropriate content. In fact, some web applications are designed by hackers specifically for this purpose. Before you install a web application you should make sure it is from a reliable source, and only install applications that are absolutely necessary for the progress of your site. If possible, try to work with professional developers to have your own web applications made.

BruteForce

Another way hackers can gain access to your administrative interface is by sending requests to your website’s server repeatedly in order to receive certain information. Many times this information will be something as simple as a password or nickname. They use the information returned to see if they’re guessing the right password without having to wait for a long time. This method is incorporated into hacking programs called Bruteforce programs. These programs repeatedly input information into your site’s login fields, in order to guess a correct username and password.

Since the process is done remotely, the hacker will need to know when they have successfully logged in to the account in order for the program to stop sending information. If they fail to realize they are logged in, then the program will continue sending login information which will reverse their success. Hackers avoid this pitfall by getting your site to send them a line of code when they have successfully penetrated the user area of the site. To prevent this from happening you’ll need to change a few settings in your administrative interface to restrict HTTP requests from unknown sources. You can also limit the number of requests within a certain time frame, to stop the Bruteforce program from receiving information from your website repeatedly.
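The request limit described above, as an added example that is not code from the original post: a sliding-window throttle on failed logins, counted per source IP and per account, with the same generic reply for every failed guess. The class and function names, the thresholds and the `check_password` callback are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window limit on failed logins, per source IP and per account."""
    def __init__(self, max_failures=5, window_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock                    # injectable so the window can be tested
        self.failures = defaultdict(deque)    # key -> timestamps of recent failures

    def _recent(self, key):
        """Drop timestamps older than the window and return what is left."""
        q = self.failures[key]
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def retry_after(self, ip, username):
        """Seconds the caller must wait before another attempt (0 = allowed)."""
        wait = 0.0
        for key in (("ip", ip), ("user", username.lower())):
            q = self._recent(key)
            if len(q) >= self.max_failures:
                # Blocked until the oldest counted failure leaves the window.
                wait = max(wait, q[0] + self.window - self.clock())
        return wait

    def record_failure(self, ip, username):
        now = self.clock()
        self.failures[("ip", ip)].append(now)
        self.failures[("user", username.lower())].append(now)

    def record_success(self, ip, username):
        # Clear only the account counter; the IP counter ages out on its own.
        self.failures.pop(("user", username.lower()), None)


def attempt_login(throttle, check_password, ip, username, password):
    """Return (http_status, body); every failed guess gets the same body."""
    if throttle.retry_after(ip, username) > 0:
        return 429, "Too many attempts, try again later"
    if check_password(username, password):
        throttle.record_success(ip, username)
        return 200, "OK"
    throttle.record_failure(ip, username)
    return 401, "Invalid username or password"
```

Counting per account as well as per IP keeps the limit in force when guesses for one username arrive from many addresses.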

Feb 10

As of the last quarter in 2009 it is illegal in Austin, Texas to post messages on social networking sites using a name other than your own (impersonating) with the intent to harm, defraud, intimidate or threaten.  In fact, it is now considered to be a third-degree felony.  This law is seeing quite a bit of favor from the Austin police as the department has been on the receiving end of a number of impersonations and attacks.  On the surface, this seems to be a law that is easy to understand and implement.  However, digging a bit deeper will show how this may not be as simple as we think.

Defining

Part of the problem with proving the intent lies in the definitions of harm and intimidate.  Harm is defined as physical injury or mental damage.  Physical injuries are simple enough to prove.  It’s not so easy when it comes to proving mental damage – mental damage to one person may simply be an annoyance to another.  Intimidation is another difficult concept to pinpoint.  The truest definition is to make timid or to fill with fear.  Again, we’re left with wide interpretations of what causes fear for one person and not another.  Some very clear definitions should be put into place in order to keep frivolous lawsuits from happening.  With very broad definitions, one could easily state that grievous mental harm was caused when in reality all that occurred was some minor annoyance, and since intimidation is very personal, just about anyone could claim they were filled with fear as a result of a faked posting.

Tracking

The next issue with this new law is the cost that could be involved in tracking the imposter.  There are hundreds upon thousands of programs available to the average internet user allowing him or her to fake his or her IP address, route through one of many proxies and generally make their digital path a lot more hidden and harder to track than one might expect.  And it’s even easier to just use a public connection at one of the local hot spots to do whatever anonymous and possibly nefarious things you wish to do.  With all the anonymity tools at the user’s disposal, how much money would be spent purely in the act of attempting to track the supposed criminal?  Will this sort of tracing be left to the owner of the web site or will a third party become involved?  And if a web site owner is considered responsible for this sort of activity, how will they need to protect themselves from possible legal action?

Broader implications

And where will it stop?  This sort of law inevitably leads to broader issues.  What is to stop the creation of a law where it simply is illegal to post out information with the intent of harming, defrauding, intimidating or threatening another individual all the while not being anonymous or posing as another?  Case in point, Perez Hilton.  Notorious for his scathing “reporting” of many celebrities in their not so great moments, postings by this man could be considered by many to be mentally harmful and threatening on many levels.  It’s all left up to the individual’s personal definition of harm and how it applies specifically to them.

Final Thoughts

Simply put, the more effective law would have been to make it illegal to impersonate another online, period.  Just as it is illegal to impersonate any official in “real life”, so should it be on the internet.  The way the law stands now, the monetary costs may be prohibitive and the frivolous suits to come may prove more than what the law originally intended.

Jan 26

The best way to know how one’s online business is doing is by allowing customers to leave feedback.  Many businesses are incorporating blogs into their web sites to not only disseminate information but to also engage with their customers.  While the gain is knowledge of what works and what needs to be fixed, the downside is the opening up of the floodgates known as spamming and trolling.

Spam

Spam is defined as the sending of unsolicited bulk messages.  This form of abuse can take place in a forum, Usenet newsgroup, wiki, instant messaging program, e-mail or blog.  The messages sent usually have no tie-in or bearing on the conversation at the time and quite often are used to sell a product or service.  The cost of such unrequested messaging is one that is borne by the web site owners and ISPs (Internet Service Providers).  Fortunately, the growing trend has been to prosecute those found guilty of spamming online entities.

Troll

In the same vein but not for the same reasons, trolls are those who actively participate in online conversations with the sole purpose of creating controversy.  Trolls will purposely leave off-topic and inflammatory comments in the hopes of invoking an emotional response and thereby completely disrupting the conversation.  In its most basic form, trolling is simply a form of harassment.

Prevention

For the prevention of e-mail spam, many experts suggest a number of tips.  The first of these is creating an alias email address that can be replaced when needed.  This e-mail address can be listed out on public web sites and, should it become compromised, tossed and replaced with a new alias.  Never use the “unsubscribe” link that is quite often offered within spam e-mails.  These links are used to authenticate e-mail addresses and will ensure further spam will ensue.

To effectively prevent spam or trolls from infiltrating a web site, many web site software programs used for online communications come equipped with spam filtering or “comment jailing”.  A great example is WordPress.  This blogging program will allow web site owners to set all comments to be placed in a monitoring pool.  Once the owner has perused the comments recently left, they can be either approved or marked as spam.  WordPress also allows web site owners to see the IP addresses used by spammers – great for reporting issues to ISPs should the need arise.

“Do not feed the trolls” is a phrase often used when faced with trolling behavior.  Basically, if the troll is ignored, they will eventually give up and move on.  However, if the behavior is having a negative effect on a web site and needs to be placed under control immediately, the use of post or comment moderating that is standard with most blog, bulletin board and other online communications programs should allow a web site owner to quickly and efficiently get things back under control.

Final Thoughts

The bottom line is that with a business web site that is geared toward communicating with its customers, spam and trolling will occur.  A bit of prevention and a lot of monitoring will go a long way to ensuring the issues do not get out of hand.

Jan 12

The search for a good web hosting company can be very confusing, especially with the ever increasing selection. Each company promises they are the best, so who do you believe? Before you can make your decision, you should know that all features are irrelevant unless the web hosting service offers top notch security. Before deciding on a web host you’ll want to make sure they are capable of keeping your website secure. The following terms will help you make your decision by letting you know what you should be looking for.

Secure Sockets Layer (SSL)

SSL is an encryption protocol that keeps all of your website’s communications, both incoming and outgoing, secure from intruders. The incoming information (credit card numbers, addresses, emails) is the most sensitive information and can be used by hackers to commit fraud with your customers’ information. For this reason SSL is one of the most important security features, and most online shoppers will not buy products or services from you if you do not have an SSL certificate posted on your website.

File Transfer Protocol (FTP)

FTP is a network security protocol that facilitates file transfer on both internal and external networks.  FTP is an important security feature because it gives the webmaster the ability to manage site accessibility and send files securely.

Secure File Transfer Protocol (SFTP)

SFTP is a stronger version of FTP, offering more of a guarantee than standard FTP by using a secure shell to transfer data over the internet and between networked computers. Serious business owners will want to make sure their web host offers this as part of their security package.

Firewall

Nearly every web host is protected by a firewall of some sort; however, not all web hosts give the end-user access to the administrative functions of the firewall. If you are serious about the security of your website, then you will choose a host that grants customer access to the configuration of their site’s firewall.

Spam Filter

You may think spam is just a nuisance; however, there are many hackers that use spam to plant nasty viruses on your computer. Among the bad things that can happen because of simple spam are phishing (password stealing), and even data loss caused by malicious software. Spam not only threatens the security of your website and the safety of your computer, it also consumes plenty of bandwidth and clutters your inbox with unwanted messages. A spam filter will solve nearly all of the potential problems that are caused by spam.

Distributed Denial-of-Service (DDoS) Protection

A DDoS attack is a very well known and common attack executed by a hacker with access to multiple compromised computers. This attack is particularly dangerous because it can compromise an entire network of computers in a short period of time.  Every website on the server, including yours, will be affected detrimentally. In fact it is more than likely that the end-users will be affected the most by this type of attack. It is vital that you make sure your web hosting service has protection measures in place to prevent this kind of attack.