Though they may sound hopelessly technical at first, the basic types of security issues are easy to understand, and once understood, easy (enough) to prevent.

Denial-of-service attack

One of the oldest tricks in the book is still one of the most commonly used.  The Denial-Of-Service attack (DDOS) consists of nothing more than flooding a web site with more requests than it can handle, effectively paralyzing the site so that it cannot be used by legitimate web surfers.

The reason that this type of attack still exists today is that it is surprisingly hard to deflect.  Done right, a single request from a DDOS doesn’t look noticeably different from a legitimate request.  It’s only in the volume of requests that the problem becomes apparent.  Furthermore once an attack is recognized the only way to shut it down without shutting out “real” traffic is to find a unique fingerprint on the requests and filter only that.  While this means that a lazy attacker can be stopped by simply blocking his IP address, a sophisticated attacker (or worse, dedicated group of hackers) can create a deluge of requests that is very difficult to differentiate.

The only real solution to this is to have a web host that is willing to stay with you and keep the barbarians from the gates.  A good host will.

Hacking by URL and buffer overflow

A web page’s URL is a common place to send the information to a web server that it needs to form new pages.  The problem is that this information often goes to a script which has privileges that, if hijacked by URL, could be used against the server itself.

A subset of this problem is the buffer overflow.  This is when a URL is sent that is too long for the web server to handle.  What often happens, depending on the server specifications, is that the remainder of the URL is sent to the server as a command, often run as “root” (the user set by default to have universal privileges).

What you need to do about this depends on what the operating system of your server is, but usually comes down to both making sure that your scripts are secured against this weakness and making sure that they are setup in such a way that, even if they are compromised, they don’t have the security permissions necessary to do anything nefarious.

Check with your web host

A security problem for a single user is potentially a security problem for all users, meaning that your web host doesn’t want it any more than you do.  Check their help documentation, and by all means, ask about anything that confuses you.  Their livelihood is on the line right along with yours, so they will always be glad to help you both feel more secure in your site.

Related posts:

• September 23, 2011 – Keep Your Site Safe – Learn What Not to Do
• September 13, 2011 – How to Keep Your Server Safe From Common Security Problems
• July 22, 2011 – LulzSec’s Hacking Career Slated to End
• June 2, 2010 – How to Protect an Apache Web Server from DDoS
• September 30, 2011 – What the New User can Learn from the GoDaddy Account Hack
• September 21, 2011 – How To Deal With A Possible Intruder On Your Server
• September 6, 2011 – Performing IP Filtering Through cPanel – A Brief Tutorial
• July 29, 2011 – Is SSL Essential for eCommerce Sites?
• July 21, 2011 – How to Combat a DDoS Attack
• June 10, 2011 – How to Prevent Domain Hijacking

This allows the client to use the software whenever and wherever they need for the length of the contract. The license can be for individual or group use. SaaS is often used for billing, invoicing, human resource management, service desk management and sales management.

Given the areas in which SaaS is mainly utilized, security issues could cause massive disruption and problems within an organization. There are two primary categories of security threats involved in SaaS systems. These two security categories include:

• Unauthorized access
• Physical peril

Unauthorized access is an extraordinarily high data risk. Due to the specific nature of SaaS; the storage of data on a remote server, the risk of unauthorized access greatly increases. When data is transferred over the internet or on a remote server, hackers have the ability to capture passwords, view data and make modifications.

Of course this is an issue with any type of remote access, but when billing information, invoices and human resource information is transferred, this information is more harmful and appealing to hackers. In many cases, the information is intercepted in stealth mode which means the company has no idea it even happened.

The second security threat category is physical peril. This occurs when data is physically destroyed. Destruction can occur from floods, fires, earthquakes, and other natural disasters. Although most servers have backups, there’s always a chance data can be unrecoverable. Again by accessing information remotely, it’s putting the data in the trust of another company.

These potential security issues seem threatening at first and are common on all servers that require remote access. Both businesses and individuals must be concerned with these issues when using most other types of hosting. Unfortunately due to the primary use of SaaS, more vital information is being sent and hosted by these applications making it  more dangerous for businesses.

There are network security features in place to prevent unauthorized access and backup server locations in case of a natural disaster. However, these potential security threats should play a large role in the decision to use SaaS for additional applications.

Related posts:

• November 4, 2009 – Introduction to SaaS Hosting
• September 9, 2011 – Several Security Risks and How to Avoid Them
• August 23, 2011 – The Newest Way to build eCommerce Solutions
• February 26, 2010 – PHP and Common Web Hosting Security Issues
• December 15, 2009 – The Top 3 Web Hosting Security Issues
• August 25, 2009 – Layer Technologies Breaks Through on Inc. 5000
• June 4, 2009 – Mezeo Takes Part in Cloud Storage Gathering
• May 13, 2009 – Intermedia.NET Unleashes New Exchange Solutions

PHP

One particular programming language that is becoming increasingly popular amongst newer developers is PHP. PHP is perhaps the easiest programming language to use, and therefore often the most erroneously misused by inexperienced web programmers. PHP’s ease of use and minimal learning curve make it an optimal opportunity for any novice web developer to create software that is potentially insecure.

Insecure Web Applications

In the past hackers would infiltrate a network using any means possible, including using phishing techniques, identity theft, and any other method to compromise the security of a server or operating system. Now, the main focus has shifted to infiltrating the administrative interface of a website to gain access to online databases and server files.

The easiest way for most hackers to do this is to find a way in through one of many loopholes that exists in the site’s web applications. Web applications make the webmasters job easier and more convenient, however like many other tools that increase convenience, web applications come at a price.

Hiring Your Own Programmers

Since web applications have direct access to your site’s administrative functions, these web applications can be taken advantage of for nefarious purposes, and used to access your website’s control panel. This could prove to be disastrous, especially if you run an online business. For this reason it is best to avoid any new web applications that are built by unreliable sources. If you are planning on using a web application with a busy business website, you may want to hire a personal qualified developer to assist you in creating some custom web applications.

Related posts:

• December 15, 2009 – The Top 3 Web Hosting Security Issues
• February 8, 2010 – Website Security – 4 Ways to Secure Your Website
• January 25, 2010 – The Most Prevalent PHP-Related Security Risks
• January 20, 2010 – Maintaining Website Security for Customer Satisfaction
• December 11, 2009 – Are You Paying Too Much for Web Hosting?
• September 22, 2009 – Server Options for E-commerce Hosting
• September 19, 2011 – Get Out of the PHP Memory Error Rut with WordPress
• September 14, 2011 – Linux Web Hosting – What Makes it Click?
• September 9, 2011 – Several Security Risks and How to Avoid Them
• September 7, 2011 – An Overview of PHP-Based Content Management Systems Beyond WordPress

Credit Card Fraud

The internet is a massive virtual marketplace, swarming with merchants, customers, and people who would like to take advantage of both the merchant and the consumer. The people looking to exploit any security fault they can are commonly referred to as “hackers.” Hackers see the web as an opportunity to  prey on the weaknesses of other individuals and companies. A vulnerable website makes an ideal target for these hackers, especially if the website is engaged in daily e-commerce. Many of them have access to highly advanced applications that are capable of telling them if there any “loopholes” they can exploit. Any online store they can find with a single security lapse will become a feeding ground for them, resulting in thousands of dollars stolen form your customer’s credit cards. Once the hacker has the credit card details of your customer’s, the situation becomes progressively worse. Of course, the customer is going to be inclined to believe that you are the thief, and they will not want to accept the fact that you are actually the victim. This kind of situation can result in lawsuits, and even the loss of your online business!

Bot Rings

Then there is the possibility of a horrid “DDoS attack.” A DDoS attack is a security exploit that is normally employed by criminals that are members of or have control of  “botnets.”  DDos stands for “Distributed Denial of Service.” A bot ring is a group of hackers, or programmed computer’s that are set up to carry out a specific task. A DDoS attack is executed by a botnet that continually floods the network with DDoS requests. As the network is flooded with requests, it slows down until ultimately traffic screeches to a halt. Even though the DDoS attack is one of the oldest online security exploits, it is still extremely difficult to prevent because of it’s organic and seemingly genuine nature. Once the server’s traffic has been affected the hacker then takes control of the server, using it as a puppet to find   other vulnerable servers. Once the hacker has gained control over several servers, they then begin their attack on the target of their choice.  To prevent your business from being a victim of one of these attacks, make sure you discuss this threat with any prospective web hosts, to be sure they are aware of this threat.

Malicious Software

Then there are the threats that pose a virtual risk to the web hosting providers. Hackers may attempt to attack a web hosts server or network with a malicious application designed to retrieve crucial information.  This malicious software is called “malware” ( a combination of the two words).  While server’s generally have more stringent security measures in place, they are still susceptible to the same threats that a personal computer may be faced with.  You can avoid these kind of security lapses by  ensuring that your prospective host takes the proper precautions to defend against all forms of malware. Do not be afraid to ask questions about the security measures they have in place, before hand.  It is important to remember that once the web host’s server is compromised to malware, every bit of information on the server can be accessed, including your web site’s financial data.

Related posts:

• February 26, 2010 – PHP and Common Web Hosting Security Issues
• January 23, 2009 – The Dangers of Insecure Web Applications
• June 16, 2010 – Protecting Your Site from DDoS Attacks
• January 20, 2010 – Maintaining Website Security for Customer Satisfaction
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• May 7, 2009 – Protect Your Site From Maliciously Activities
• January 13, 2009 – How to Find Secure Shared Hosting
• December 14, 2011 – Avira Antivirus Features
• November 17, 2011 – Clickjacking: What is it and How You Can Protect Yourself?
• September 9, 2011 – Several Security Risks and How to Avoid Them

Intermedia CEO Serguei Sofinski explained that the company’s new offerings will help customers address two of the biggest problems faced by small to medium sized businesses today: excessive downtime and security issues.  Sofinski says the new solutions will allow its customers to effectively harvest the true value from their assets without the risk of loss productivity.

Here is a rundown on Intermedia’s new solutions:

Business Continuity

The Intermedia Business Continuity solution has been tailored to provide high availability by permitting customers with on-premise Exchange servers to use its servers to access their messages when the in-house servers go down.  Unlike standard dial-tone solutions, this offering is Exchange-based and allows complete access to user mailboxes.  This means that customers can enjoy 14 days of message history, contacts, calender appointments and more even if their server should fail.

ContentSync

A proprietary application developed by Intermedia, ContentSync is a software tool that synchronizes its Business Continuity Exchange servers with on-premise Exchange servers, providing customers with real-time access to their data in the event of a failure.  This solution doesn’t call for any software or hardware installations, configuration or management, making it possible for business customers to have the high availability that would normally be cost prohibitive at a more affordable price.

SpamStopper

SpamStopper is the second part of Intermedia’s Exchange solution.  This hosted service puts an emphasis on security with spam filtering, anti-virus and anti-phishing tools for small businesses with their own on-premise Exchange server.  Intermedia says that SpamStopper is able detect potentially harmful mail with an accuracy rating of greater than 99%.  The solution is also integrated with a feature called Zero-Hour Virus Outbreak Detection to protect networks from newly released strains of malware.  Thanks to SpamStopper, Intermedia customers can stay one step ahead of the unscrupulous coders writing infectious virus, worm and Trojan programs.

Price and Availability

Both of Intermedia’s new solutions have been made immediately available and can be easily incorporated into customers’ existing on-premise Exchange servers.  Business Continuity starts from $5 a month per user while the SpamStopper solution is available for $50.  The latter is a one-time fee for the first 50 users and an extra 50 cents a month for each additional user.

About Intermedia.NET

Intermedia.NET is a Microsoft Gold Certified partner that has been specializing in the hosting business for more than 10 years.  Its solutions are geared towards small to medium sized businesses looking for enterprise-class technology attached with low monthly fees, no up-front investment and industry-leading technical support.  Aside from Microsoft Exchange hosting, Intermedia provides a variety of traditional web hosting services designed for small and mid-sized companies.

Related posts:

• April 13, 2011 – Using Captcha Scripts to Prevent Spam
• January 20, 2012 – Data Backup and Recovery Solutions
• January 3, 2012 – Battle of the Giants: Linux and Windows Compared
• December 14, 2011 – Avira Antivirus Features
• November 28, 2011 – Bit-Defender Internet Security Review
• November 19, 2011 – A Dark Cloud: Anonymity and Privacy Fall Further Before a Cloud Computing Experiment
• November 17, 2011 – Clickjacking: What is it and How You Can Protect Yourself?
• November 11, 2011 – DARPA: The Internet’s Midwife
• October 5, 2011 – Security Aspects to Watch for in Your Server Logs
• September 23, 2011 – Keep Your Site Safe – Learn What Not to Do