Thursday, May 8, 2008

Tips for a Secure Site



At the very least, an attack could disable your Website and embarrass your company. At the very worst, an intruder could shut down your online store and make off with your customers' credit card numbers and personal data. No site is absolutely safe from attacks; if you're plugged into the Internet, there's always a chance that an intruder will find a way into your Web server.


There are some simple, commonsense steps you can take to help deter attacks and limit damages:

1. Use a firewall to shield your network. This is perhaps the single most important step you can take to protect yourself against crackers. If you don't know what a firewall is, or if you don't know how to select and configure one, hire someone who does. Many administrators keep their companies' Web servers separate from the rest of the network to provide extra protection against break-ins.


2. Require good passwords. As a rule, people shouldn't use dictionary words, names or other personal data for their passwords--they're too easy for an intruder to guess.
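A password rule is only useful if the server actually enforces it. The following is an added example (not from the original post) of a small policy check that rejects short passwords, dictionary words and common names (including "leet" spellings such as P@ssw0rd), and anything built from the user's own name, username or birth year. The word lists and the user record are constructed for the example; a real deployment would load a large dictionary and a list of leaked common passwords instead.

```python
"""Password-policy check: reject dictionary words, names and personal data.
Added example; the word lists and user record below are constructed."""
import re

# Constructed mini word lists. In practice load a big dictionary file and a
# list of commonly leaked passwords.
COMMON_WORDS = {"password", "welcome", "summer", "dragon", "letmein", "monkey"}
COMMON_NAMES = {"john", "smith", "alice", "mary"}

# Undo the usual character substitutions so "P@ssw0rd" is seen as "password".
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "5": "s"})


def normalize(pw):
    """Lower-case the password and reverse common leet substitutions."""
    return pw.lower().translate(LEET)


def check_password(pw, user):
    """Return a list of policy violations; an empty list means the password is accepted.

    `user` is a constructed record with the keys username, first_name,
    last_name and birth_year (assumed field names for this example).
    """
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")

    norm = normalize(pw)
    # Strip leading/trailing digits and punctuation so "summer2008!" is still
    # recognised as the dictionary word "summer".
    core = re.sub(r"[^a-z]+$", "", re.sub(r"^[^a-z]+", "", norm))
    if core in COMMON_WORDS or core in COMMON_NAMES:
        problems.append("based on a dictionary word or common name")

    # Personal data: username and names (3+ characters) must not appear.
    for field in ("username", "first_name", "last_name"):
        value = str(user.get(field, "")).lower()
        if len(value) >= 3 and value in norm:
            problems.append(f"contains personal data ({value})")
    year = str(user.get("birth_year", ""))
    if year and year in pw:
        problems.append("contains birth year")

    # Require at least three of: lower, upper, digit, symbol.
    classes = sum(bool(re.search(rx, pw)) for rx in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("uses fewer than three character classes")
    return problems


if __name__ == "__main__":
    # Constructed user record for the demonstration.
    demo_user = {"username": "jsmith", "first_name": "John",
                 "last_name": "Smith", "birth_year": 1975}
    for candidate in ("P@ssw0rd", "JohnSmith1975!!", "Tr0ub4dor&3-longer-phrase"):
        print(candidate, "->", check_password(candidate, demo_user) or "OK")
```

Run it directly to see each candidate judged against the policy; the last one passes, the first two are rejected for the reasons listed.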


3. Limit server access. Only people who really need it should have access to the server. Even then, carefully control each user's level of access. And make sure you delete inactive users as quickly as possible.


4. Turn off unused services on your Web server. Consider getting rid of FTP, SendMail, gopher, NFS, finger and any other services that might help an intruder break into your server. Also remove shells and interpreters you don't need and delete unnecessary directories. For example, if you don't run Perl-based CGI scripts, remove the Perl interpreter from your server. Keep a complete backup of your website, and keep it on a separate, secure computer. If a vandal does manage to destroy or deface your Website, you'll be able to restore it from the backup more quickly.


5. Check your system and Web logs for suspicious activity. Programs such as Tripwire for Unix systems and Internet Security Scanner for Windows NT can monitor your log files and alert you to any unusual behavior. Unusual log file activity might be the first--and only--warning that an intruder is trying to break into your system.
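To make "suspicious activity" concrete, here is an added example (not part of the original post and not any product's code) of a small scanner for Web server access logs in the common "combined" format. It flags two things a 2008-era log reviewer would look for first: a burst of authentication failures (HTTP 401/403) from one client address within a short window, and requests whose path looks like a probe (directory traversal, attempts to read /etc/passwd, embedded nulls or script tags). The log lines, thresholds and signature list are all constructed for the example.

```python
"""Minimal access-log scanner: flag bursts of auth failures per client and
requests that look like probes. Added example; all log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Apache/NGINX "combined" log layout (assumed for this example).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Crude request signatures; a real deployment would use a maintained rule set.
PROBE_PATTERNS = [r"\.\./", r"/etc/passwd", r"%00", r"<script"]

# Constructed sample log: six failed logins from one client in ten seconds,
# one ordinary visitor, one failed login and one traversal probe from a third
# client, and one unparseable line.
SAMPLE_LOG = """\
203.0.113.5 - - [08/May/2008:10:00:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/4.0"
203.0.113.5 - - [08/May/2008:10:00:02 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/4.0"
192.0.2.9 - - [08/May/2008:10:00:03 +0000] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/4.0"
203.0.113.5 - - [08/May/2008:10:00:04 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/4.0"
203.0.113.5 - - [08/May/2008:10:00:05 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/4.0"
this line is not in log format
203.0.113.5 - - [08/May/2008:10:00:07 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/4.0"
198.51.100.7 - - [08/May/2008:10:00:08 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/7.18"
203.0.113.5 - - [08/May/2008:10:00:10 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/4.0"
198.51.100.7 - - [08/May/2008:10:00:12 +0000] "GET /images/../../etc/passwd HTTP/1.1" 404 210 "-" "curl/7.18"
"""


def parse(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def scan(log_text, fail_threshold=5, window_seconds=60):
    """Return {'brute_force': [ips], 'probes': [(ip, path), ...]}.

    brute_force lists clients with at least `fail_threshold` 401/403 responses
    inside any `window_seconds` span; probes lists requests matching a signature.
    """
    failures = defaultdict(list)
    probes = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # malformed lines are skipped, not fatal
        if rec["status"] in (401, 403):
            failures[rec["ip"]].append(rec["ts"])
        if any(re.search(p, rec["path"], re.IGNORECASE) for p in PROBE_PATTERNS):
            probes.append((rec["ip"], rec["path"]))

    brute = set()
    for ip, times in failures.items():
        times.sort()
        j = 0  # sliding window over sorted timestamps
        for i in range(len(times)):
            while (times[i] - times[j]).total_seconds() > window_seconds:
                j += 1
            if i - j + 1 >= fail_threshold:
                brute.add(ip)
                break
    return {"brute_force": sorted(brute), "probes": probes}


if __name__ == "__main__":
    for kind, hits in scan(SAMPLE_LOG).items():
        print(kind, hits)
```

Point `scan()` at the text of a real access log and tune `fail_threshold` and `window_seconds` to your traffic; the sliding window is what keeps a single client with six failures spread over a day from being reported as a break-in attempt.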


6. Keep your software up to date. Microsoft and all of the Unix vendors periodically issue updates and security patches to their operating systems and Web servers. Understand that different operating systems and Web servers offer different levels of security, and even the best software might not be secure when you buy it off the shelf.


7. Understand how to maintain your server and network. If you don't, hire someone who does or contract with a professional hosting service.


8. Get the right equipment and advice before opening an e-store. E-commerce sites require special protection because they handle customer credit card numbers and other sensitive information. If you open an online store, you'll need a server that supports encrypted connections and additional security measures. When you set up a commerce site, hire a consultant who specializes in Web security issues or pay for a hosting service to do the job for you.
