Protect Your Website to Protect your Business

With all of the work that goes into building a comprehensive website over time, it may actually be more devastating to lose a website than to lose a PC or even an operating system. When a website is brought down by a virus, it cannot be quickly replaced like an operating system or  PC. In fact, the damage that is done can take months to repair, especially when you consider how many negative events can transpire as the result of a worm attack. The most obvious effect will be the loss of traffic that will be seen soon after the worm has infected your website.

Losing Traffic Due to Site Viruses

Website viruses are different than operating system viruses, as they are actually responsible for many of the local infections that end users experience. In other words, if you have a virus on your computer, it was most likely downloaded from a website that was carrying the virus. Most people don’t realize that many of these websites are not intending to give their visitors a virus, as they are a victim of the virus themselves. The virus attaches itself to the sites server and then uploads itself to all of the visitors’ computers. When this happens the visitors are quick to assume the site is unsafe, and thus will hesitate to return to the website. This can result in the loss of visitors in therefore business for a website owner.

Protecting Your Site From Viruses

To prevent the aforementioned issues, you should take the proper precautions to ensure the full safety of their website. One way you can do this is to use only secure web applications. Web applications often contain loopholes that lets hackers infiltrate the websites administrative interface and plant a virus. Another way to protect your site is to password protect all of your pages. You can do this in your hosting control panel. If you are having trouble with ensuring the safety of your website, it may be wise to consult with your web hosting provider for more info. Simply give them a call and ask them what kind of measures are in place to protect your website form worms, and ask thenm what you can do on your end to ensure maximum protection.

Related posts:

• May 5, 2010 – Healthy Website Security Practices
• March 18, 2011 – Securing Windows for Web Hosting Safety
• February 23, 2011 – Understanding Website Viruses
• December 24, 2010 – The Overlooked Connection Between Computer Viruses and Site Security
• December 20, 2010 – The Eternal Battle – Beware of the Attackers!
• February 8, 2010 – Website Security – 4 Ways to Secure Your Website
• January 20, 2010 – Maintaining Website Security for Customer Satisfaction
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• December 15, 2009 – The Top 3 Web Hosting Security Issues
• October 16, 2009 – Major Threats to Business Website Security

Credit Card Fraud

The internet is a massive virtual marketplace, swarming with merchants, customers, and people who would like to take advantage of both the merchant and the consumer. The people looking to exploit any security fault they can are commonly referred to as “hackers.” Hackers see the web as an opportunity to  prey on the weaknesses of other individuals and companies. A vulnerable website makes an ideal target for these hackers, especially if the website is engaged in daily e-commerce. Many of them have access to highly advanced applications that are capable of telling them if there any “loopholes” they can exploit. Any online store they can find with a single security lapse will become a feeding ground for them, resulting in thousands of dollars stolen form your customer’s credit cards. Once the hacker has the credit card details of your customer’s, the situation becomes progressively worse. Of course, the customer is going to be inclined to believe that you are the thief, and they will not want to accept the fact that you are actually the victim. This kind of situation can result in lawsuits, and even the loss of your online business!

Bot Rings

Then there is the possibility of a horrid “DDoS attack.” A DDoS attack is a security exploit that is normally employed by criminals that are members of or have control of  “botnets.”  DDos stands for “Distributed Denial of Service.” A bot ring is a group of hackers, or programmed computer’s that are set up to carry out a specific task. A DDoS attack is executed by a botnet that continually floods the network with DDoS requests. As the network is flooded with requests, it slows down until ultimately traffic screeches to a halt. Even though the DDoS attack is one of the oldest online security exploits, it is still extremely difficult to prevent because of it’s organic and seemingly genuine nature. Once the server’s traffic has been affected the hacker then takes control of the server, using it as a puppet to find   other vulnerable servers. Once the hacker has gained control over several servers, they then begin their attack on the target of their choice.  To prevent your business from being a victim of one of these attacks, make sure you discuss this threat with any prospective web hosts, to be sure they are aware of this threat.

Malicious Software

Then there are the threats that pose a virtual risk to the web hosting providers. Hackers may attempt to attack a web hosts server or network with a malicious application designed to retrieve crucial information.  This malicious software is called “malware” ( a combination of the two words).  While server’s generally have more stringent security measures in place, they are still susceptible to the same threats that a personal computer may be faced with.  You can avoid these kind of security lapses by  ensuring that your prospective host takes the proper precautions to defend against all forms of malware. Do not be afraid to ask questions about the security measures they have in place, before hand.  It is important to remember that once the web host’s server is compromised to malware, every bit of information on the server can be accessed, including your web site’s financial data.

Related posts:

• February 26, 2010 – PHP and Common Web Hosting Security Issues
• January 23, 2009 – The Dangers of Insecure Web Applications
• June 16, 2010 – Protecting Your Site from DDoS Attacks
• January 20, 2010 – Maintaining Website Security for Customer Satisfaction
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• May 7, 2009 – Protect Your Site From Maliciously Activities
• January 13, 2009 – How to Find Secure Shared Hosting
• December 14, 2011 – Avira Antivirus Features
• November 17, 2011 – Clickjacking: What is it and How You Can Protect Yourself?
• September 9, 2011 – Several Security Risks and How to Avoid Them

Though PCI standards were introduced to protect consumer information and ensure integrity across various industries, they have also introduced a new level of frustration for the smaller business that has a need to sell products or services online, but doesn’t possess the resources to meet compliancy.  There is a lot that goes into protecting sensitive card data and unfortunately, one too many organizations are not equipped to provide this protection.  Everyday, companies are scattering in attempts to gather the necessary resources to not only fend off attackers, but also keep the government out of their business.  Difficulties aside, PCI compliance is needed as threats are growing rapidly in terms of numbers and sophistication.

PCI-Friendly Hosting Features

Achieving compliance requires a multitude of security components.  Some of the essentials include:

Malware Protection – Malicious software such as viruses, worms, Trojans and keyloggers pose a direct threat to card data stored on any computer or web server.  Businesses are strongly advised to keep their systems protected with reliable solutions capable of detecting and eradicating the latest malware programs.

Firewall - A firewall provides an organization with the ability to control inbound and outbound traffic going to and from the system.  With the right configurations, it can halt malicious traffic and also help to prevent basic hacking attacks.

Intrusion Detection – Though very effective, a firewall can only do so much.  An intrusion detection system enables PCI compliance by detecting the presence of malicious activities that pose a potential threat to card data resting on the system.

Network Monitoring – Even with all the right security mechanisms, card data can still be at risk due to a wide range of circumstances.  This could related to hardware failure or a problem with a backbone provider.  Network monitoring allows companies to stay one step ahead of such issues by watching over the network and reporting its status to system administrators.

SSL Certificate System - SSL (Secure Sockets Layer) is a must-have security feature for any business that sells goods or services over the internet.  Credit card data is in jeopardy whenever transactions are made on any website that isn’t protected.   With an SSL certificate, businesses can ensure the protection of sensitive information as the protocol creates an encrypted tunnel for which credit card details to travel through.

Not all hosting providers make the commitment to aid in PCI compliance but more are getting onboard with the concept.  Those who are should be commended for their efforts to aid in business-friendly solutions that take the stress out of meeting these demanding standards.

Related posts:

• February 8, 2010 – Website Security – 4 Ways to Secure Your Website
• January 12, 2009 – The Essentials of E-commerce
• November 20, 2008 – Staggering Numbers on Website Vulnerabilities
• November 28, 2011 – Bit-Defender Internet Security Review
• September 1, 2011 – Premium Web Hosting and Security Features Available in the Public Domain
• July 29, 2011 – Is SSL Essential for eCommerce Sites?
• June 6, 2011 – Surviving Website Downtime
• March 3, 2011 – Three Ways Web Hosting Providers Secure E-Commerce Transactions
• February 25, 2011 – The Benefits of Using Multiple Domain Hosting for E-Commerce
• January 13, 2011 – Dedicated IP Web Hosting

What makes executable programs even worse is that many of them accept parameters such as a user name or email address, making them more vulnerable to exploitation.  Needless to say, the web was a lot safer some five to eight years ago when the internet phenomenon wasn’t as huge.  Today, hackers are highly skilled and more determined than ever.  They will do whatever it takes to break into home-based PCs, network servers, and even the applications on your website.  If your scripts are not probably secured, you stand the risk of losing essential data that can stir up all sorts of trouble.

Here are just a few examples of what can happen when your scripts are not properly secured:

Hijacking of your mail server: You may ask, “what’s the point?”.  The answer all boils down to legality.  Although you couldn’t tell on the surface, spam is illegal in most countries and if the authorities catch you doing it, you could find yourself in big trouble.  By hijacking the mail server, a spammer can use your domain to distribute mass mailings of spam.  When the authorities find out, it all leads back to you.

Hijacking of your website: Ever run across a family-friendly site and wondered why is was littered with pornographic images?  This my friend is website hijacking, more commonly known as defacing.  A poorly configured script can invite an intruder into your site, give them enough time to setup their own credentials and leave you out in the cold.

Attacks on other machines: Leave the door open for a hacker and they just might force you to participate in a strike against other machines.  Known as a DDoS attack, the hacker slips through your insecure script and installs a rootkit which opens a backdoor that gives them complete control over the server.  This could eventually cause problems for both you and your web host.

With the responsibility of administering the server, it is up to your web host to provide a secure environment.  As a webmaster however, it is up to you to make sure your web applications are properly scripted and secure.  Software can add instantly functionality to your site but if you’re not careful, it can also be your worst nightmare.

Related posts:

• December 15, 2009 – The Top 3 Web Hosting Security Issues
• June 16, 2010 – Protecting Your Site from DDoS Attacks
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• January 13, 2009 – How to Find Secure Shared Hosting
• September 30, 2011 – What the New User can Learn from the GoDaddy Account Hack
• September 23, 2011 – Keep Your Site Safe – Learn What Not to Do
• September 23, 2011 – A Look at Various Anti-Spam Packages
• September 21, 2011 – How To Deal With A Possible Intruder On Your Server
• September 9, 2011 – Several Security Risks and How to Avoid Them
• September 6, 2011 – Performing IP Filtering Through cPanel – A Brief Tutorial