Blog Header Banner

Archive for the ‘secure web site security’ tag

Simple Steps to Secure Your Website   no comments

Posted at Feb 21, 2017 @ 9:53am Web hosting

Secure Website

If you run a personal or business website then it’s vital you take steps to secure your website and protect it from hackers. Criminals have many reasons for wanting to gain unauthorized access to your content, and all of them will impact you and your business in a negative way. By following the steps below, you will not only keep your website and data safe, but also your business.

 

Renaming Directories

When hackers want to take control of your website and to cause damage, they will search for your administration directories. If they can locate them, then the hackers can steal your login details or give themselves access. Many programs are available that will scan websites to find administrative credentials, and you can protect yourself by renaming your directories.

Although this step might seem small, don’t get tempted to overlook it because you must do everything that you can to stay safe. The name that you give your directories is not important as long as you know how to access them when you need to make changes.

 

Complex Passwords

Hackers will sometimes use brute force software to access your administration panel, and they can do anything they want from there. The brute force software works by repeatedly entering different numbers and letters into the username and password fields until it finds the correct combination. You can protect yourself from such attacks by using strong passwords that contain letters, numbers and special characters.

Although it’s still possible for hackers to use brute force software to break into your website, they are not likely to succeed. A complex password can resist a brute force attack for several thousand years before the correct combination is discovered. Unless your website contains extremely sensitive data, the hackers will likely move on to an easier target.

 

Encrypt Your Important Files

Many people store files on their website as plain text, and that makes it easy for hackers to steal and read the information. The problem becomes that much worse when the data contains the credit card numbers of your customers. You can add an extra layer of safety by encrypting your files so that they become all but impossible to read.

An encryption program works by scrambling a file until it’s unreadable, and only the person with the correct decryption key can reverse the process. If your important files are encrypted, hackers will not be able to see them even if they gain access to your website.

 

Update

One of the ways that hackers gain access to a website is by looking for software vulnerabilities. They will reverse engineer software and scripts to find methods to take control of your content and to view your files. To combat that problem, software developers consistently release updates for their programs, which address known weaknesses.

But some webmasters are still reluctant to update their sites because they don’t want to experience any downtime. When you choose not to install recent updates, you are inviting criminals to exploit you and your users. Ensure that you are always using the latest scripts when your goal is to safeguard your website.

 

Backup

When protecting your website data is your No. 1 goal, utilizing a backup solution is a must. However, If all of your files and backups are stored on the same server, you risk losing everything if that server gets destroyed or compromised. The good news is that you can combat this problem by utilizing a Cloud Backup solution. This option involves uploading the data that you want to protect to ‘The Cloud’ – a cluster of servers located in a remote, secure datacenter.

 

Running a business can be very demanding and it may not leave you with enough spare time to regularly maintain your website’s security. If this scenario sounds familiar, your best bet may be to switch to a Managed web hosting solution. TurnKey Internet offers a complete all-inclusive fully managed service that lets you focus on your customers while running your business – leave the infrastructure, software updates, security, backups, and uptime to us. We provide a turnkey solution that employs a unique combination of Application and Network Engineers, deep-level performance monitoring and on-going guidance to maintain and optimize your cloud-based hosted infrastructure. You get all-access to our Support and network Engineers – far more cost-efficient than hiring, onboarding, and building your own team of tech gurus. As technology changes daily, we’ll keep your systems secure and up-to-date, while you focus on your business

 

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by David Maurer on February 21st, 2017

Tagged with , , ,

DROWN Attacks – Web Encryption No Longer Safe – Is My Web Site at Risk?   no comments

Posted at Apr 28, 2016 @ 9:07am Web hosting

drown-attackEncryption fills the headlines with stories of APPLE and decoding iPhones – but with all the security challenges and cyber threats today – its getting hard pressed to have a web site, computer, or mobile device and not realize your data is as private as you once thought.  Encryption is what protects (hides) the details of what we do online certain web sites – keeping your private banking or purchasing data (or online traffic hidden) from prying eyes.  But last month a new threat called DROWN was publicized that essentially made it so many web sites you shop, visit or utilize that you thought were secure and private via their https SSL encrypted access turned out to not be so private.

DROWN, standing for Decrypting RSA with Obsolete and Weakened eNcryption, is an xample of a cross-protocol attack that exploits weaknesses in the widely used online encryption protocol, SSLv2.  Using weaknesses in the SSLv2 implementations against TLS (transport layer security) hackers can “decrypt passively collected TLS sessions from up to date clients.” Or in simpler terms, hackers and anyone can see what you are doing, your personal details, and more when you thought you may of been protected by that SSL ‘lock’ protected symbol next to the web site you were shopping or visiting.

TLS is probably the most important security protocol on the internet.  Almost every action you take on the internet relies on the use of a TLS version.  Not just you accessing a web site, but a lot of the back behind the scenes things like email transmission, to database connections, to sending files between servers for backups.

Fortunately, the latest versions of OpenSSL do not utilize SSLv2 connections by default.  However, if your certificate or key is being used in another location on a server that supports SSLv2, you could be at risk.  For example, the mail service (POP, IMAP, SMTP connections).

A DRWON attack would be able to decrypt HTTPS connections, sending specifically designed packets to another server.  If the certificate is on more than one server, it is possible a MitM (man in the middle) attack can be successful.

Isn’t SSLv2 depreciated?  Why is this still a threat?  In the early 2000’s SSLv2 was still supported by browsers, to be used as a fallback protocol.  An attacker could easily trick the browser into using an older protocol.  Thankfully, this is no longer an issue if you are using a recent version of your web browser.

While browsers are no longer supporting SSLv2, most servers still do.  Most servers are configured to use both TLS and SSLv2.  This means both protocols would use the same RSA private key.  Therefore, any bugs in the SSLv2 protocol that use the private key, potentially could affect the security of TLS.

While this all may sound a little scary, as most security vulnerabilities are.  TurnKey Internet takes all security avenues very seriously.  Our web hosting servers and software are always kept up to date.  If your account is on any of our shared hosting packages, you have nothing to worry about.  Just in case, you want to test your sites security against DROWN or the server your account is hosted on.  Please feel free to do so here – https://drownattack.com/#check  You will need to use the IP address your site is living on and not your domain name – which you can easily find by using a DNS lookup service such as http://www.getip.com/.

If you need assistance finding your web sites IP, or reviewing your security  please send us a support ticket (helpdesk@turnkeyinternet.net) and we would be happy to tell you.

 

 

 

 

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram