Tag Archive 'malicious software'

The Need for PCI Compliant Hosting

More web hosting providers are offering services that provide customers with the help they need to achieve PCI (Payment Card Industry) compliance.  Achieving compliance requires the use of numerous security tools and policies to meet the standards that apply to any business that accepts, processes and stores credit card information.  Those who do not adhere to these requirements are subject to penalties and may eventually lose their privileges to accept credit card payments, which is the most common method of payment on the web.  If you sell products or services online, investing in a PCI compliant hosting solution may be worthy of your consideration.

Though PCI standards were introduced to protect consumer information and ensure integrity across various industries, they have also introduced a new level of frustration for the smaller business that needs to sell products or services online but doesn’t possess the resources to achieve compliance. There is a lot that goes into protecting sensitive card data and unfortunately, too many organizations are not equipped to provide this protection. Every day, companies scramble to gather the necessary resources to not only fend off attackers, but also keep the government out of their business. Difficulties aside, PCI compliance is needed as threats are growing rapidly in terms of numbers and sophistication.

PCI-Friendly Hosting Features

Achieving compliance requires a multitude of security components.  Some of the essentials include:

Malware Protection – Malicious software such as viruses, worms, Trojans and keyloggers pose a direct threat to card data stored on any computer or web server.  Businesses are strongly advised to keep their systems protected with reliable solutions capable of detecting and eradicating the latest malware programs.

Firewall – A firewall provides an organization with the ability to control inbound and outbound traffic going to and from the system. With the right configurations, it can halt malicious traffic and also help to prevent basic hacking attacks.

Intrusion Detection – Though very effective, a firewall can only do so much.  An intrusion detection system enables PCI compliance by detecting the presence of malicious activities that pose a potential threat to card data resting on the system.

Network Monitoring – Even with all the right security mechanisms, card data can still be at risk due to a wide range of circumstances. This could be related to hardware failure or a problem with a backbone provider. Network monitoring allows companies to stay one step ahead of such issues by watching over the network and reporting its status to system administrators.

SSL Certificate System – SSL (Secure Sockets Layer) is a must-have security feature for any business that sells goods or services over the internet. Credit card data is in jeopardy whenever transactions are made on any website that isn’t protected. With an SSL certificate, businesses can ensure the protection of sensitive information, as the protocol creates an encrypted tunnel for credit card details to travel through.

Not all hosting providers make the commitment to aid in PCI compliance, but more are getting on board with the concept. Those who are should be commended for their efforts to provide business-friendly solutions that take the stress out of meeting these demanding standards.

Category: Security Issues
Posted on Friday, May 29, 2009

The Dangers of Insecure Web Applications

Software can be used for many great things but there is a gloomy dark side. It also comes in the form of malicious programs and the web is literally infested with these harmful applications. Sadly, thousands of internet users download malicious software every day, blind to the fact that they are essentially inviting threats right into their systems. These risks have the potential to be even more dangerous when a website is involved. Any software code running on a web server poses a great threat for the mere fact that it contains an executable file. This means that it can be executed by anyone in the world with an internet connection. Just imagine if there was an executable file on your desktop computer that could be executed by anyone at any time. If this was the case, that program would have to be completely secure in order to prevent the execution of malicious code on your system. The same goes for programs consisting of PHP or CGI scripts.

What makes executable programs even worse is that many of them accept parameters such as a user name or email address, making them more vulnerable to exploitation. Needless to say, the web was a lot safer some five to eight years ago when the internet phenomenon wasn’t as huge. Today, hackers are highly skilled and more determined than ever. They will do whatever it takes to break into home-based PCs, network servers, and even the applications on your website. If your scripts are not properly secured, you run the risk of losing essential data, which can stir up all sorts of trouble.

Here are just a few examples of what can happen when your scripts are not properly secured:

Hijacking of your mail server: You may ask, “What’s the point?” The answer all boils down to legality. Although you couldn’t tell on the surface, spam is illegal in most countries and if the authorities catch you doing it, you could find yourself in big trouble. By hijacking the mail server, a spammer can use your domain to distribute mass mailings of spam. When the authorities find out, it all leads back to you.

Hijacking of your website: Ever run across a family-friendly site and wondered why it was littered with pornographic images? This, my friend, is website hijacking, more commonly known as defacing. A poorly configured script can invite an intruder into your site, give them enough time to set up their own credentials and leave you out in the cold.

Attacks on other machines: Leave the door open for a hacker and they just might force you to participate in a strike against other machines.  Known as a DDoS attack, the hacker slips through your insecure script and installs a rootkit which opens a backdoor that gives them complete control over the server.  This could eventually cause problems for both you and your web host.

With the responsibility of administering the server, it is up to your web host to provide a secure environment. As a webmaster, however, it is up to you to make sure your web applications are properly scripted and secure. Software can instantly add functionality to your site, but if you’re not careful, it can also be your worst nightmare.
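As an added example (not code from the original post), here is one way a contact-form script that accepts a name and an email address as parameters can validate them before handing a message to the mail server, so the form cannot be turned into a relay for mass mailings. It assumes the parameters end up in mail headers; the field names, the limits and the address `webmaster@example.com` are assumptions made for the illustration.

```python
import re
from email.message import EmailMessage

# Assumed values for this example. The recipient is fixed in code and is
# never taken from the request.
FIXED_RECIPIENT = "webmaster@example.com"
MAX_NAME, MAX_EMAIL, MAX_BODY = 80, 254, 5000

# Deliberately strict: exactly one mailbox, no display name, no address list.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


class RejectedInput(ValueError):
    """Raised when a request parameter fails validation."""


def clean_header_value(value, limit, field):
    """Return the value only if it is safe to place in one mail header."""
    if not isinstance(value, str) or not value.strip():
        raise RejectedInput(f"{field}: missing")
    if CONTROL_RE.search(value):
        # A line break inside a header value would start a new header line.
        raise RejectedInput(f"{field}: control character")
    value = value.strip()
    if len(value) > limit:
        raise RejectedInput(f"{field}: too long")
    return value


def build_message(name, email, body):
    """Validate the form parameters and build the message to hand to the MTA."""
    name = clean_header_value(name, MAX_NAME, "name")
    email = clean_header_value(email, MAX_EMAIL, "email")
    if not ADDRESS_RE.fullmatch(email):
        raise RejectedInput("email: not a single address")
    if not isinstance(body, str) or not body.strip() or len(body) > MAX_BODY:
        raise RejectedInput("body: missing or too long")
    msg = EmailMessage()
    msg["From"] = FIXED_RECIPIENT   # sent as the site, not as the visitor
    msg["To"] = FIXED_RECIPIENT     # visitors cannot choose who receives mail
    msg["Reply-To"] = email
    msg["Subject"] = f"Contact form: {name}"
    msg.set_content(body)
    return msg
```

Rejected requests are worth logging with the source address, since repeated failures on the email field usually mean someone is probing the form.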

Category: Security Issues
Posted on Friday, Jan 23, 2009
