What is Encryption?

Encryption is the transformation of plain information into encrypted information which cannot be viewed by an outsider without a special key that unlocks the encryption. When data transfers through an encryption service it is scrambled in a seemingly arbitrary fashion. By the time it reaches the other side of the portal, the data is completely unrecognizable and cannot be used by any third party without the key that is custom generated during the encryption process. The encryption services uses a computer algorithm to create a random cipher which prevents hackers from accessing the encrypted information. Many people also use the term decryption to refer to the process of deciphering the information for the end users usability. Over the years the standards for encryption has changed notably.

WEP

WEP – (Wired Equivalent Privacy)  is an algorithm that has been deprecated to effectively secure all IEEE 802.11 wireless networks. Since wireless networks broadcast their messages utilizing radio waves, they are susceptible to intruders, even more than conventional networks with wires attached.  When it was first released, WEP  proposed to provide  completely confidentiality similar to that of a conventional wired network. However, in 200 various crucial weaknesses were noticed by professional   cryptanalysts, and it is now a widely accepted fact that a  WEP connection can be hacked easily obtainable software in a very short time period.

WPA

In response to the aforementioned weaknesses of WEP, WPA was created.

WPA/WPA2 – (Wi-Fi Protected Access)  is a program that provides certification, developed by the Wi-Fi Alliance to represent complete compliance with all security protocol instilled by the Wi-Fi Alliance. These protocols are specifically designed to maintain safety in all wireless networks. The WPA protocol enables safe functionality of IEEE 802.11i standard, but was initially meant to an intermediate security measure to temporarily substitute WEP while 802.11i was being prepared. The later developed WPA2 established an advanced protocol that is now seen as the full standard in data encryption.

Conclusion

Having the proper encryption services to protect your online website is absolutely imperative, especially when running an online business. Knowing the nature for encryption services and what the industry standard is will help you make the right decision without having to experience costly trial and error mishaps. Using only thee best encryption services will keep your business from suffering, and will prevent you and your customers from being victimized.

Protecting More than Your Assets

I am sure by now you are aware of the financial risks that are so common on the internet. However many people overlook the villains that are not seeking your money, but are driven by a darker motivation. These people are called online predators, and they seek to exploit and take advantage of any private information they can. Many of them socialize in chat rooms, looking for vulnerable and gullible people that they can take advantage of. In fact there are many crimes each year committed by people that met and seduced their victims online. The problem is, these predators can find you and your family a lot easier than you think ,and they don’t have to do it in a chat room!

Should This Information Be Public?

If you have never heard  of the WHOIS database, then now is the time to become familiar with it. When you register your domain, all of the information about your domain such as the name of the domain owner, and the address, are recorded in the WHOIS database. This information can be researched for free by anyone whom so desires. That means that anyone can find your address whether it be business or home, which obviously presents a real threat, especially if you have known enemies. Even if you don’t have enemies now, it is all to easy to find them online. If you run an online business, it would not be unrealistic for a dissatisfied customer to look up your information to slander or harass you, as this has occurred in the past. Some advertising agencies will use information to place annoying marketing calls to your registered number. Do you really want this kind of information to be public?

Protecting Yourself With Private Domain Registration

If you have come to the conclusion that you would lie all of this information to be hidden form the public, then you may want to register your domain as a private domain. Private domains will still receive all of the publicity and popularity of a regular domain, except the only difference is that your information is not put in the WHOIS database. Once you have made the decision to do so, registering a private domain is actually quite simple, simply check the option at checkout when you;re buying your domain name. If you’re having trouble locating this option, then you may want to contact customer service for assistance.

Encrypt All of Your Site’s Data

If your website frequently exchanges sensitive date such as credit card numbers or bank information, then you’ll want to make sure all of your website’s data is encrypted with SSL or TSL. Keeping your data encrypted ensures that in the event of a security breach, the intruder will not be able to use the encrypted information to their advantage.

Use Secure Web Applications and Forms

Although there are many useful web applications available, many of these tools represent the biggest security risks for companies.  This is because hackers use these applications to gain access to the back-end of your website. Therefore, you should be very cautious about which web applications you use in the administration of your website. Make sure all applications and forms used are designed with secure code.  You should also make sure your website’s users do not have the capability of sending SQL queries, as this is how most hackers execute inference attacks. Avoiding malicious code input from hackers is the first line of defense in preventing an inference attack. You should also avoid using dynamic queries. Dynamic queries allow hackers to send and receive SQL information over the internet in plain text, therefore these queries present a substantial security risk. Many experts recommend avoiding the use of dynamic queries altogether.

Execute Updates Regularly

Keeping your operating system and website updated is an important part in maintaining the security of your online business. Many people don’t realize that maintaining the security of their website is a full time job that needs to be tended to daily. For this reason most security companies update their software as soon as a vulnerability is recognized.  To avoid an inference attack, or any other attack, you should keep you website and operating system updated, and make sure you are ware of any new developments.

When the security of your website is compromised and an intruder gains access to your administrative interface, there is often no way for the defrauded client to distinguish between the actions of you and the hacker. This can result in the loss of your website, your business, lawsuits,  and in some cases even unjustified incarceration!

Fighting an Infinite Yet Invisible Threat

When you think of a hacker, you probably envision a young kid sitting in his mother’s basement typing extremely fast, trying to hack into databases manually. Unfortunately, this is not how hacking works in reality. Real hackers do not do tons of work manually, they use networks of “drones” to do their dirty work for them. These drones are personal computers that have been “hi-jacked” and are being used to carry out small individual tasks that ultimately compromise the security of a server or a network of servers. A single hacker can have as many as 20,000 drones, or more, carrying out pre-set functions at any time. In fact, your personal computer at home may be a drone! If your computer’s RAM is being consumed by a hidden application or “virus” then there is a small chance that your computer’s resources are being used by a hacker!

Resistant Viruses

Online viruses are similar to biological viruses, as they are constantly mutating and becoming stronger and more resistant to treatment. To prevent your personal computer from becoming the victim of a new virus, it is important to keep your anti-virus software updated.  Choosing a web hosting company that updates their security measures regularly will prevent your website from becoming a victim as well. This bring us to our next segment.

Security Capabilities of Your Hosting Provider

If you are like 90 percent of webmasters, then chances are your website is hosted by a third-party hosting service.  It is important to realize that many of these hosting companies are losing employees regularly due to the falling economy, and simply do not have the resources necessary to combat the ever-growing security threats in modern cyber-space. Since the security of your website is in the hands of a third-party company, it is important to make the necessary inquiries regarding their manpower, server capabilities and support staff. Choosing a cheap web host is not recommended for a serious online business owner.

An Example of a Serious Security Threat

Some hackers engage in the practice of “click stealing.” Click stealing is when a hacker places a redirect link over a button on your website, causing the information to be secretly sent to a third-party website. This is especially dangerous when the information is private financial information. An example would be an order form submit button. The hacker “steals” the click from the submit button, and the information is redirected to a phony web page that mimics the check out page of your website. This is a serious threat, and if you are using a third-party host it is important to make sure they are aware of this.

Resentful Employees

If you run a large online business, with tech savvy employees, it is important to change your site’s passwords and security configuration every time you fire an employee. Some employee’s may attempt to seek revenge if they are resentful towards your decision to terminate them.

How hackers work

First, exactly how do hackers get into your site and gather information?  Above all else, hackers are patient as much of their work involves guessing.  After carefully watching your web site for a time, the hacker will peruse cookies that are created and see if changes to the cookies garners success, explore the source code of each of your site’s pages and often will create an account to view the authorization process.  Hackers spend a great deal of time processing the information they gather to enable them to see where the holes are and how they can exploit these areas.

Update your CMS

One of the very first and simplest things to help secure your web site is to ensure you have the most current update of your CMS (content management system).  Software such as Drupal, Joomla, WordPress and many other mainstream CMS programs are constantly tested and updated to close up any unsecured areas.  Each day you let an update slide is another day a hacker has to get to your secure information.

Change the defaults

CMS programs often are automatically setup with default information.  After installing your CMS program, ensure you are not using the default administrator user name (often simply admin) and you have changed any default passwords.  You can be sure a hacker will know all the default information with regard to the particular CMS software your site is running on.

PHP error reporting

PHP is a very handy bit of web site programming but unfortunately can tell a hacker a lot about your system and your site if the error reporting level is set to show too much information in error messages.  You can greatly reduce this risk by completely turning off PHP error reporting and setting your configuration to not display errors should one occur.  If you are unable to do this yourself, request it of your system administrator or from support at your web hosting company.

The htaccess file

By properly setting up your htaccess file, you can also keep hackers out of secure files.  First, you should ensure no one can access the actual htaccess file itself accidentally by including the following within the htaccess file:

<files .htaccess>

order allow, deny

deny from all

</files>

If there are any other files you wish to keep private, you can use the same coding and replace .htaccess with the name of your secure file.

Secure passwords

Lastly, it almost goes without saying but always use very strong and secure passwords.  It is very unwise to use your birth date or passwords that are very easy to remember.  If you can remember it easily, it’s a safe bet that a hacker will figure it out in a matter of seconds.  There are many sites online that can help you create a good, solid and secure password.

Conclusion

Being diligent with the security of your web site will not only benefit you but will also benefit your customers.  Take a few moments to go over the tips listed above and don’t give a hacker a chance.