With
more and more websites allowing visitors to input their personal
details to some extent, it is important for web hosting companies to be
able to adapt their web hosting policies to ensure that their servers
and customers are protected against any new security threats
that arise. There are many different factors that can affect how secure
a web hosting service and it is the job of web hosting companies to
analyze their infrastructures to identify any holes that could be
potential security risks. If you are a shared hosting customer then you
have to rely on your web hosting provider to offer you a good level of
security and for this to work a certain level of trust between the two
parties is required; as for VPS server hosting and dedicated server hosting
customers, you are responsible for the security of your own web hosting
environment because you have a dedicated hosting environment meaning
that you need to be well versed in server management to be able to secure your server
to a level that will prevent hackers from being able to hack it and
cause any damage. In order for visitors to enter their person details
into your website, it is up to you to take the measures to guarantee
trust between you and them as this is the only way that you are going to
get people enter their details into your website.
Server-Level Security
The most basic form of web hosting security takes place at the server
level because this is where all of the software that is going to be
required to prevent the most serious attacks such as DDOS attacks and
hackers trying to gain access through compromised scripts will be
hosted. There are many different applications and firewalls available
that will prevent hackers from gaining access to your server using open
ports and applications that have holes that could be easily compromised;
one of the most popular is CSF (ConfigServer Firewall) which is a Linux
application capable of protecting any Linux server to a high level,
whilst those using Windows servers will be able to make the most of the
server protection that is available by using the Windows Firewall that
comes with the Windows operating system by default. As a shared hosting
customer this should be taken care of by any good web hosting provider,
but as a dedicated web hosting customer you will be expected to be able
to secure your own server.
Website and Coding Security
As a web developer it is your responsibility to make sure that all
applications that you develop are done so to a high standard to prevent
hackers from being able to hijack a web hosting account or a web hosting
server through a hole that has been left in your web application due to
poor coding. SQL injections are one of the most popular forms of
website hacking and although they may not necessarily put the hosting
server at risk, they can be used to hack the actual website and to
access the data that is stored in your backend database. If you are
storing the personal details of your visitors or customers then hackers
could have a field day because certain personal information such as
credit card details have value meaning that they can be sold on, thus
allowing hackers to profit from their work. When developing web
applications using PHP or ASP.NET, or any language for that matter, it
is important to ensure that you use all of the latest functions
available to handle the data that is entered into your website to
guarantee that it can’t be compromised in any way at the frontend. SSL
certificates can also be used to encrypt any information that is sent
between your hosting server from your website and your visitor’s
computers; many web browsers prominently display the fact that a website
has an SSL certificate and they are increasingly becoming a source of
trust for visitors because they know that their data is going to be
handled and processed safely.
Looking After Your Personal Information
Although web hosting companies will have to keep your personal
information private because of the Data Protection Act and the fact that
you don’t want unauthorized individuals having access to your
confidential details, if you are to register a domain name then you
could risk having your personal details such as your name and address
put into the public domain. All domain network controllers, known as
NICs (Network Information Centres), run their own public WHOIS databases
that host the personal details of the owners of individual domain names
under the specific TLD (Top Level Domain); for example, Nominet
(nic.uk) is the NIC for all domains that fall under the “.uk” TLD. With
most NICs you are required to have your details posted publicly
regardless of what your legal standing is, although some will allow you
to hide your personal details if you are in fact a private individual
who has registered the domain solely for your own use. Some domain name
registrars and web hosting companies can provide you with a premium
service that will allow you to hide your personal data from being
displayed on any WHOIS database and instead will display their own
private details; although you usually have to pay extra for domain
privacy, for some people it can be worth it for the peace of mind that
it can provide.
In conclusion, the security of web hosting packages as well as your
own personal information are two key considerations to remember when
choosing a web hosting provider, but more importantly the form of web
hosting that you are going to be using to meet your web hosting
requirements. In this day and age there are many precautions that can be
taken to minimize any damage that could be done if a hacker does manage
to gain entry to a server that hasn’t been secured properly, but the
threats available are changing daily and are adapting to fight the new
technologies that are being developed to stop them.
"Remember Me When You Raise Your Hand For Dua"
Raheel Ahmed Khan
System Engineer
send2raheel@yahoo.com
send2raheel@engineer.com
sirraheel@gmail.com
send2raheel (skype id)
My Blog Spot
http://raheel-mydreamz.blogspot.com/