Barbarians at the Gate:
Is Your Web Host On Guard?
If you’ve been living on Earth for the past few years you know that, just as there are criminals in the real world, there are also criminals in the virtual world of the w3. They’re called hackers, crackers, script kiddies and much worse, but as a group, they’re known as black hats, a reference to the old movie cliché that bad guys in westerns always wore black hats.
These black hats are organized. There’s a community that shares information – anything from network access codes to downloadable software that allows even a novice (script kiddie) to hack into a network and do all kinds of damage.
Here’s the problem: your business system can have every security gizmo loaded and fully operational. But what about your hosting service? Hackers can screen thousands of networks quickly with automated software and if the black hats locate a weakness on the server side, they’re in. And your site is now at increased risk.
Your Site is Your Castle
Think of your site as a castle, in need of protection from marauding bands of barbarians. So, you build an impenetrable wall of security using both hardware and software to keep the barbarians at bay.
Then, surrounding your walled castle is a second wall built by the web host. So your castle should be pretty safe with two separate walls, right? If you install good security software, you’ve built wall number one. If your web host installs state-of-the-art security, you’re business is doubly safe, protected by two walls.
Entry Points
Let’s continue using the castle analogy. In order for commerce, i.e. business, to take place, people must be free to exit and enter the castle through one or more heavily guarded gates.
In the digital realm, gates are simply legitimate access points into a network or an individual computer. And there are lots of them. The most obvious is email. You get email everyday, some of which is from people or organizations you’ve never heard of. Simply by sending a legitimate looking email, the barbarians breached all of the security you and your web host have in place. Of course, that’s why you never open an email from someone you don’t know.
Black hats know these entry points and devise schemes and scams to weasel their ways through the gateways to the castle. And, if you should open a suspicious email, all the security software in the world may not stop whatever digital horror you’ve unleashed.
Exploitation Points
Exploitation points are usually weaknesses in a particular software that can be used and manipulated by hackers to serve their evil ends. The problem is that many software applications aren’t developed with security in mind. They’re designed to manage data, execute stock trades automatically or perform some other time-saving function. Hackers know this. The information is shared on hacker sites. (Yes, they exist.) So, using weaknesses in non-security software, hackers can circumvent even sophisticated security systems.
And the Danger Is?
Digital dangers come in a variety of forms and more are being developed as you’re reading this. It’s an on-going battle between white hats and black hats and the barbarians are always just outside the gate.
The danger is a malware injection. Malware is any software program that harms your host network or individual computer. Malware includes:
Viruses which can spread like, well, like viruses. These nasty little programs can obliterate an entire operating system in about 10 seconds and shut down a network for days while the computer doctors try to find the cure.
Backdoors are hidden openings used by the hacker to enter and exit your site undetected. These hackers have the same user privileges you have, meaning they can access customer data (including credit card numbers), bank accounts and all of the other sensitive data you have stored on your hard drive.
Trojans operate like the Trojan horse of mythology. They pass through security unscathed, only to release malware at the whim of the hacker. Maybe today. Maybe a month from now. The thing is, you won’t even know the danger is present.
XSS (cross site scripting) attacks enable hackers to access your site and leave data that will get you slammed by search engines. It’s a sneaky way to get rid of the competition. Here’s an example.
Search engines hate anything that smacks of deceit – like invisible text. Place blue text against a blue background and it’s invisible to humans but easily read by SE spiders. So along comes a spider who discovers this invisible text placed their by an unscrupulous competitor and bang – your hard-earned PR is destroyed. Sites have actually been gray-barred (banned) from Google through no fault of the site owner.
The Solution? Quality Web Hosting
You get what you pay for. So, if you go with a free web hosting service your site is going to be overloaded with banners from the host and you home page is going to look like a used car lot! With free hosting, you have no control over what appears on your site and you have no control over the quality and scope of the security software employed by the bargain basement web host.
Hosting companies that recognize that protecting their clients is, in fact, protecting their own business, provide as much security as possible – both software and hardware with layers of redundancies. If any security measure fails, there are three more to take its place. Very frustrating to hackers.
Quality web hosting provides the highest levels of network security. All web hosts are not created equal. Some provide a bit of security and hope for the best. Others build “hardened” host servers with custom designed, pro-active security software configured precisely to the host’s hardware and software.
And What Can You Do?
A couple of things. First, harden your business computer or computer network to build that inner wall protecting the castle. There are lots of security software applications from which to choose and most deliver good levels of security and free updates with your subscription.
Next, only use software recommended by or offered by the web host to actually build and manage your site. The techies at quality hosts know the exploitation points of various software as well as the hackers. So, they recommend or provide software (some provide it for free) that configures with the host’s in-place security measures.
Finally, if you aren’t sure that your site design, management, SEO and marketing software are properly configured, contact the web host’s client support staff. They’ll be able to either put your concerns to rest, or provide simple directions to properly configure your software to deliver the highest levels of security.
The difference in price between free hosting and quality hosting isn’t that significant. You can find secure, all-in-one hosting packages for less than $7.00 a month. That’s nothing when you’re starting an on-line business. But it’s everything when it comes to protecting your business.
So, ask your current web host what security measures it has in place. Ask them if you’ve plugged all of the exploitation points hackers might use to gain access to your site or to the host network. A good host will work with you to strengthen the security of the entire network.