How "Secure" is YOUR Web Site?
by: Robin Nobles
A few days ago, an incident happened to me that has prompted the writing of this article. I'm sure that if this is an issue for me and one of my Web sites, it's an issue for some others.
With my personal Web site, I use a nationally known Internet Host provider to host it. They've hosted my website for years, and I can't really complain about their services (except that you can rarely find a real person to talk to).
However, a few days ago, I wanted to give a good friend of mine, Dave Barry, access to FTP into my Web site to download a particular file. Rather than using an FTP program, he used IE (Internet Explorer) to FTP into the site. The strange thing is, before I even gave him my username and password, Dave was inside the server where my website is hosted!
Dave said that the server, and any sites hosted on that server, were wide open for attack. He was able to see the System 32 Directory, passwords, etc. The good news for me is that Dave is a Certified Internet Webmaster Security Professional Instructor, so he knows exactly what he's talking about (and I don't).
He ran a report to show the vulnerability of my Web site. That report indicated that there were seven high risk vulnerabilities, four medium risk, and two low risk. It also said that it was critical that I take immediate action in fixing the security issues of the network.
Now isn't this a comforting thought, especially since I've never questioned the security of my Web site? I use one of the top Web hosting firms in the country. This problem should NOT have happened.
I contacted the hosting company, and they're checking into it. At one point, they said, "A little more investigation on my part found that anonymous FTP is incorrectly enabled on your website." Then, in a later e-mail, they changed their mind: "I did err last night when I said that anonymous access was enabled, as I could not upload any files at all, though I could view some directories and files, obviously some fairly mundane system data files."
Dave disagreed, and he promptly sent me two files to prove how open and vulnerable the system is. I sent them those files as well as the security report Dave ran, and they're continuing to look into it. To date though, a week later, they still haven't gotten back with me on it.
In my case, though this is a very disturbing situation, it isn't the end of the world. I don't sell anything on my Web site; it's there for informational purposes only.
But, for those of you who actually sell goods or services over the Internet, this could be a huge, and extremely distressing, problem. As Dave said, "I could crash the entire server in a matter of minutes." But, he's one of the good guys wearing a white hat, not a hacker. He's also responsible for 40+ Web sites through his company, all of which are extremely secure.
What can you do to protect your own Web site? Now that we know how serious a problem this can be, let's look at some ways you can protect your Web site.
1. Contact a security professional like Dave Barry and have him run a security analysis on your Web site. Visit Computer Concierge and complete the Free Web site security report. Find out what your Web site security vulnerabilities are, and learn what needs to be done to fix them. security-report.computer-concierge.com
2. If the security analysis on your Web site proves that you have security issues, and if your host provider can't give you a reasonable explanation, move your site to a different hosting company. I'm going to move my personal site to Combustion Hosting, where security is a #1 priority, and where I can get personal attention and support. combustionwebhosting.com/products/secureplans/
3. Ask your current hosting company about their security policies. Then, point them to this URL, which lists The Top 20 Most Critical Internet Security Vulnerabilities. This list was compiled by a group of security experts from the FBI and the SANS Institute. Though you may not be able to understand much of the report, your hosting company will. Not only does the report list the security risks, but it also gives solutions to the problems. www.sans.org/top20/
4. If you're a do-it-yourselfer, visit the U.S. Department of Energy's website, which offers a listing of tools for security analysis. ciac.llnl.gov/ciac/SecurityTools.html
5. Or, consider Retina, which provides excellent security software. www.eeye.com/html/index.html
6. SecureNet Solutions also offers products that will run vulnerability reports for you. www.securenetsol.com/
The main thing is to learn from my mistakes and don't be caught off guard. If you're using a hosting company to host your Web site, make darn sure that the server and your Web site are secure. Visit Computer Concierge for a free security audit. Then, go with a reputable hosting company who places the utmost importance on security, like Combustion Hosting.
Remember: Your Web site is your online business. Don't you lock the door and secure the windows of your brick and mortar business? Do you have an alarm system? Don't you think it's important to do the same with your online business?
About The Author
Robin Nobles is the Co-Director of Training of Search Engine Workshops with John Alexander. They teach 2-day beginner, 3-day advanced, and 5-day all-inclusive "hands on" search engine marketing workshops in locations across the globe. She also teaches online search engine marketing courses through www.onlinewebtraining.com, and she's a member of Wordtracker's official question support team. With partner John Alexander, she's co-authored a series of e-books called, "The Totally Non-Technical Guides to Having a Successful Web Site." And, they opened a networking community for search engine marketers called The World Resource Center for Search Engine Marketers.
robin@searchengineworkshops.com
This article was posted on August 03, 2004