|
Online Access
The Internet is the "network of networks" that makes it all possible for two or more parties to communicate and conduct business across the globe. For web hosting companies, to allow users to access their client's web site, they must design their network to be an open system. This type of open system can easily be taken advantage of if the servers or network are not configured properly or don't have security measures in place.
Firewalls and intrusion detection applications are essential to prevent determined computer hackers from accessing your web data with ill intent. The purpose of firewalls is to form a shield-like barriers over the your web hosting company's internal network. Connections' meeting certain polices or conditions are the only ones that are allowed through the firewall eg specific port(s) or IP subnet.
Intrusion detection software monitors the system if any attempts are made to break through the network. The goal of intrusion detection applications is to provide advance warning to system administrators of potential security risks, and also the pattern intruders are using to attack and test the network.
If you have any intentions to send information or data securely between two or more parties over the Internet or any public network, then we suggest you make sure your web hosting provider supports SSL (Support socket Layer). SSL is an industry recognised and supported protocol, and offers a secure communication channel for data transfers. Data from the sender is encrypted (data which is scrambled through the use of an mathematical algorithm) and is only decrypted on the receiver's side. This is a must-have for the conduct of electronic commerce and payment systems.
Policies and Procedures
The purpose of security policies and procedures provide the foundation for all security related activity. Web hosting companies who adopt some form of security policy or/and procedures display credibility in dealing and responding to security issues. As you browse the web site of most web host providers, you will soon notice their claim to have secure servers and networks. However, when you examine closely, there is rarely any web hosting provider who describes or states they have developed security polices or procedures to re-enforce their claim. Bear in mind, there is no such concept as a "secure server or/and network".
General security policies define how the web hosting company should adopt and implement standard directives that will affect the whole organisation. For instance, who should be given access and who should be denied? The standard provides a common platform for all in the organisation to follow so if something went wrong they can fix it by tracing the guidelines in the policies or executing them. Examples of security polices include system audit logs should be maintained and stored for 2 years; passwords will be constructed and managed following current best practice; or system X should not be available for more than 24 hours. Policy guidelines reflects the determination a web hosting company will go to protect you and your web site.
Procedures are often the predefined steps in response to certain events. Security procedures enable a web hosting company to respond readily to situations that may arise. For example, if an intruder is found on a server, there is standard procedure to carry out by system administrators or onsite system engineers to counter-measure such intrusions. With procedures in place, they can quickly respond and reduce the exposure the hosting company is vulnerable to and minimising the security risk of your web data.
|
