How "Secure" is YOUR Web Site? by Robin Nobles
A few days ago, an incident happened to me that has prompted the
writing of this article. I'm sure that if this is an issue for me
and one of my Web sites, it's an issue for many others.
With my personal Web site, I use a nationally known Internet Host
provider to host it. They've hosted my site for years, and I
can't really complain about their services (except that you can
rarely find a real person to talk to).
However, a few days ago, I wanted to give a good friend of mine,
Dave Barry, access to FTP into my Web site to download a
particular file. Rather than using an FTP program, he used IE
(Internet Explorer) to FTP into the site. The strange thing is,
before I even gave him my username and password, Dave was inside
the server where my site is hosted!
Dave said that the server, and any sites hosted on that server,
were wide open for attack. He was able to see the System 32
Directory, passwords, etc. The good news for me is that Dave is a
Certified Internet Webmaster Security Professional Instructor, so
he knows exactly what he's talking about (and I don't).
He ran a report to show the vulnerability of my Web site. That
report indicated that there were seven high risk vulnerabilities,
four medium risk, and two low risk. It also said that it was
imperative that I take immediate action in fixing the security
issues of the network.
Now isn't this a comforting thought, especially since I've never
questioned the security of my Web site? I use one of the top Web
hosting firms in the country. This problem should NOT have
happened.
I contacted the hosting company, and they're checking into it. At
one point, they said, "A little further research on my part found
that anonymous FTP is erroneously enabled on your website." Then,
in a later e-mail, they changed their mind: "I did misspeak last
night when I said that anonymous access was enabled, as I could
not upload any files at all, though I could view some directories
and files, evidently some relatively innocuous system data
files."
Dave disagreed, and he promptly sent me two files to prove how
vulnerable and insecure the system is. I sent them those files as
well as the security report Dave ran, and they're continuing to
look into it. To date though, a week later, they still haven't
gotten back with me on it.
In my case, though this is a very disturbing situation, it isn't
the end of the world. I don't sell anything on my Web site; it's
there for informational purposes only.
But, for those of you who actually sell goods or services over
the Internet, this could be a huge, and extremely distressing,
problem. As Dave said, "I could crash the entire server in a
matter of minutes." But, he's one of the good guys wearing a
white hat, not a hacker. He's also responsible for 40+ Web sites
through his company, all of which are extremely secure.
What can you do to protect your own Web site? Now that we know
how serious a problem this can be, let's look at some ways you
can protect your Web site.
1. Contact a security expert like Dave Barry and have him run a
security audit on your Web site. Visit Computer Concierge and
complete the FREE Website security report. Find out what your Web
site security vulnerabilities are, and learn what needs to be
done to fix them. http://security-report.computer-concierge.com
2. If the security audit on your Web site proves that you have
security issues, and if your host provider can't give you a
logical explanation, move your site to a different hosting
company. I'm going to move my personal site to Combustion
Hosting, where security is a #1 priority, and where I can get
personal attention and support.
http://combustionwebhosting.com/products/secureplans/
3. Ask your current hosting company about their security
policies. Then, point them to this URL, which lists "The Top 20
Most Critical Internet Security Vulnerabilities." This list was
compiled by a list of security experts from the FBI and the SANS
Institute. Though you may not be able to understand much of the
report, your hosting company will. Not only does the report list
the security risks, but it also gives solutions to the problems.
http://www.sans.org/top20/
4. If you're a do-it-yourselfer, visit the U.S. Department of
Energy's site which offers a listing of tools for security
analysis. http://ciac.llnl.gov/ciac/SecurityTools.html
5. Or, consider Retina, which provides excellent security
software. http://www.eeye.com/html/index.html
6. SecureNet Solutions also offers products that will run
vulnerability reports for you. http://www.securenetsol.com/
The main thing is to learn from my mistakes and don't be caught
off guard. If you're using a hosting company to host your Web
site, make darn sure that the server and your Web site are
secure. Visit Computer Concierge for a free security audit. Then,
go with a reputable hosting company who places the utmost
importance on security, like Combustion Hosting.
Remember: Your Web site is your online business. Don't you lock
the door and secure the windows of your brick and mortar
business? Do you have an alarm system? Don't you think it's
important to do the same with your online business?
About the Author
Robin Nobles teaches 2-, 3-, and 5-day hands-on search engine
marketing workshops thru http://www.searchengineworkshops.com in
locations across the globe as well as online courses at
http://www.onlinewebtraining.com/. Robin's partner, John
Alexander, recently published an e-book titled, "Wordtracker
Magic," at http://www.wordtracker-magic.com (which offers great
tips for helping you learn how to focus on your target audience.)