Online security is on everyone’s mind today. If it isn’t on yours, you’re living in a fool’s paradise, because someday, “they” will get you.
It doesn’t matter who “they” are – kids with scripts, hackers with global connections, or governments mining for data – what is important is that you should be aware that “secure” data is anything but secure.
Almost every day there is a report in one country or another (understandably more often in the developed world) where millions of people’s information, both personal and financial, has been stolen from servers you would never, even in 100 years, think could have been breached.
And so, you have to ask yourself (especially if you own a business website): What exactly are the major security concerns we face in web hosting today?
Well, here’s a list:
Passwords
Yes, as trivial as it may seem, one of the weakest links in online security lies in weak passwords. It is sheer common sense, but it can’t be emphasized enough: a secure password, although it does not guarantee 100% security, will make life difficult for would-be hackers.
Practices like sharing passwords, using common passwords (“password”, “12345678”, “qwerty”, etc.) and not keeping them in secure places lead to online attacks. And to be honest, it’s asking for it.
Opting for Windows Instead of Linux Hosting
Microsoft has been defending its operating systems’ security for years. Quite frankly, when they are properly used and all the security features are put in place, their operating systems are a joy to use.
But the fact that Microsoft’s products dominate the global market has made the servers running them the target of hackers and malware attacks. After all, it is a bigger and, hence, a more tempting bull’s-eye.
Linux servers, on the other hand, are targeted by far less malware and, more importantly, very, very few of them have ever been breached. For now, Linux servers can afford to be smug.
Lax Client Access Monitoring
Shared hosting is one of the most often used choices of web hosting because it is the more affordable option. Personal and small business websites are almost always hosted using shared hosting packages.
Now, unless the hosting provider is very careful with the access it grants its clients, there is a very high chance of clients running programs that bring down their allocated servers, using Perl, PHP and shell accounts to run Denial of Service (DoS) attacks.
Of course, whether the attacks are accidental or intentional is beside the point.
The Curse of a Shared IP Address
Another shortfall of sharing an IP address with a neighboring website (as is the case in shared hosting where multiple websites reside on one server) is that what happens to one site, happens to all.
If the IP address is attacked from outside, all the websites run the risk of being targets and victims. One website being blocked for spamming or being blacklisted for malpractice means all sites with that same IP address bear the brunt.
This can be a serious threat to a website that needs to project a “clean” image; an ecommerce site being a good example. No one would want to do business with a website that has been blacklisted or blocked.
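A site owner on shared hosting can check whether the shared address is already on a DNS blocklist. The sketch below is an added example, not part of the original article; it follows the DNSBL query convention of RFC 5782, and the zone dnsbl.example.org, the address 203.0.113.10 and the stub resolver are constructed placeholders.

```python
import ipaddress
import socket

# Hypothetical zone name; substitute the blocklists that matter for your site.
DNSBL_ZONE = "dnsbl.example.org"
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the lookup name: reversed address labels followed by the zone."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer gives '10.113.0.203.in-addr.arpa' (IPv4) or the nibble
    # form ending in '.ip6.arpa' (IPv6); drop the two trailing arpa labels.
    reversed_labels = addr.reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_labels}.{zone}"


def system_resolver(name):
    """A records for name; [] only when the name does not exist (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []
        raise  # timeouts and server failures must not be read as "clean"


def check_shared_ip(ip, zones, resolve=system_resolver):
    """Map each zone to the listing codes it returns for ip ([] = not listed)."""
    results = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # Listings are signalled with addresses in 127.0.0.0/8; any other
        # answer (for example a wildcarded zone) is not treated as a listing.
        results[zone] = [a for a in answers
                         if ipaddress.ip_address(a) in LISTED_RANGE]
    return results


# Constructed sample data: a stub resolver standing in for live DNS answers.
SAMPLE_ANSWERS = {"10.113.0.203.dnsbl.example.org": ["127.0.0.2"]}


def sample_resolver(name):
    return SAMPLE_ANSWERS.get(name, [])


if __name__ == "__main__":
    found = check_shared_ip("203.0.113.10", [DNSBL_ZONE], sample_resolver)
    for zone, codes in found.items():
        print(zone, "LISTED " + ",".join(codes) if codes else "not listed")
```

Run on a schedule against the server's real address, with the default resolver, this gives early warning that a neighboring site has put the shared IP on a blocklist.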
Weakness in One Website Being a Weakness in All
A website without the necessary security features can allow hackers to get into the server and then cross over to other neighboring websites on a shared server. Similarly, a virus or Trojan that manages to get on the server through one website can lead to the compromise of all sites on the server.
Handing Data Over to Third Parties
As cloud computing becomes the preferred form of web hosting, there is no denying that, overall, it is governed by trust.
Website owners, and especially businesses, are entrusting the security and management of their data to third parties – the hosting providers. As secure as the data may be (via encryption, for example) there will always be some guy “over there” who will have access to it. His or her integrity will define how secure the business’s data is – a sobering thought if you happen to have very valuable data that someone would really love to access.
Cluelessness about Defense in the Cloud
Cloud computing is in its infancy and it is still growing and adapting. Smelling blood, hackers have been hard at work. In 2014, there was an increase in the number of attacks that were specifically focused on mining critical personal and financial data. This resulted in companies, big and small, losing billions of dollars and, more importantly, taking a huge hit to their customer confidence.
As more and more devices get connected to the internet, the weak points and the necessary steps and procedures that are required to keep them protected are still being figured out. In the case of the Internet of Things, a grand scheme of bringing various devices together, for example, the number of unknowns and weak points increases exponentially. Many of the attacks mentioned above were focused on end-point devices like cash registers, POS terminals and personal computers.
In the long run, securing these endpoints will be integral in keeping the cloud, as a whole, secure.