Round Tale
Web Hosting news and views!
0
(The Hosting News) – GlobalSign today announced the availability of its leading Digital Certificate and SSL products through the launch of a new dedicated Canadian website (globalsign.ca). With language options for sales and support now available in both English and French, GlobalSign can support its growing Canadian customer base and partner network.
As expansion in e-commerce and web service deployments continue to accelerate in Canada, more and more online businesses are in need of security solutions to protect their websites, online data, and intellectual property and ensure they are safe from phishing attacks and online fraud. The most common protocol used today is the Secure Sockets Layers (SSL) which essentially provides a secure channel between two machines operating over the internet or internal network. The SSL market in Canada experienced growth of over 20% during the last year, becoming the sixth largest market for SSL Certificate usage worldwide.*
GlobalSign’s Canadian web site will have both English and French language content available to aid Canadian customers in deploying the strongest SSL security and associated services. By launching a website catered directly for Canadian customers, GlobalSign aims to help protect individuals and organizations against ever growing online security threats by supporting new customers and educating them on how to look for strong website security. GlobalSign is also aiming to contribute to overall SSL market growth and following recent industry upheavals will seek to attract customers who are apprehensive about their existing SSL provider and seeking a more stable alternative.
GlobalSign will be offering its full range of SSL Certificates via the new website, including fast issuance Domain Validated SSL and the most advanced Extended Validated (EV) SSL Certificates, which activate the green address bar in new high security browsers such as IE, Firefox, Opera, Chrome and Safari. Customers will be able to easily and conveniently purchase SSL to secure their websites, online transactions, web mail and other next generation online services using GlobalSign’s highly trusted and future-proof technology. All GlobalSign Certificates include Server Gated Cryptography (SGC) (to “step up” weak browser-to-server-connections to strong encryption levels), have the option of including additional premium features (for example, Subject Alternative Names (SANs) and wildcard characters to allow the securing of multiple domain names, sub domains, IP addresses or hostnames with a single Certificate). All Certificates are issued from GlobalSign’s 2048 bit Certificate Authority Root, pre-installed in all browsers, operating systems and mobile devices.
“Launching a localized suite of services for the Canadian market and catering to Canada’s language requirements further proves GlobalSign’s ongoing commitment to our global customers,” said Motto Noda, CEO, GMO GlobalSign Inc., “This expansion will improve sales and support services for our existing Canadian customers and offer a much needed alternative to the standard market players.”
GlobalSign SSL Certificates are currently available to order in English or French at http://www.globalsign.ca
*Source: netcraft.com
Source: GlobalSign Expands Offerings into Canada
(The Hosting News) – GlobalSign today announced the availability of its leading Digital Certificate and SSL products through the launch of a new dedicated Canadian website (globalsign.ca). With language options for sales and support now available in both English and French, GlobalSign can support its growing Canadian customer base and partner network.
As expansion in e-commerce and web service deployments continue to accelerate in Canada, more and more online businesses are in need of security solutions to protect their websites, online data, and intellectual property and ensure they are safe from phishing attacks and online fraud. The most common protocol used today is the Secure Sockets Layers (SSL) which essentially provides a secure channel between two machines operating over the internet or internal network. The SSL market in Canada experienced growth of over 20% during the last year, becoming the sixth largest market for SSL Certificate usage worldwide.*
GlobalSign’s Canadian web site will have both English and French language content available to aid Canadian customers in deploying the strongest SSL security and associated services. By launching a website catered directly for Canadian customers, GlobalSign aims to help protect individuals and organizations against ever growing online security threats by supporting new customers and educating them on how to look for strong website security. GlobalSign is also aiming to contribute to overall SSL market growth and following recent industry upheavals will seek to attract customers who are apprehensive about their existing SSL provider and seeking a more stable alternative.
GlobalSign will be offering its full range of SSL Certificates via the new website, including fast issuance Domain Validated SSL and the most advanced Extended Validated (EV) SSL Certificates, which activate the green address bar in new high security browsers such as IE, Firefox, Opera, Chrome and Safari. Customers will be able to easily and conveniently purchase SSL to secure their websites, online transactions, web mail and other next generation online services using GlobalSign’s highly trusted and future-proof technology. All GlobalSign Certificates include Server Gated Cryptography (SGC) (to “step up” weak browser-to-server-connections to strong encryption levels), have the option of including additional premium features (for example, Subject Alternative Names (SANs) and wildcard characters to allow the securing of multiple domain names, sub domains, IP addresses or hostnames with a single Certificate). All Certificates are issued from GlobalSign’s 2048 bit Certificate Authority Root, pre-installed in all browsers, operating systems and mobile devices.
“Launching a localized suite of services for the Canadian market and catering to Canada’s language requirements further proves GlobalSign’s ongoing commitment to our global customers,” said Motto Noda, CEO, GMO GlobalSign Inc., “This expansion will improve sales and support services for our existing Canadian customers and offer a much needed alternative to the standard market players.”
GlobalSign SSL Certificates are currently available to order in English or French at http://www.globalsign.ca
*Source: netcraft.com
Perhaps the most important aspect of operating an online business is keeping your investments secure at all times. The internet is a very dangerous place, especially for business that conduct hundreds or thousands of dollars in eCommerce each and every day. Having a secure website not only prevents the loss of profits, but it also boosts sales as your customers will be more confident when shopping with you if they know that your site is safe.
Considering that most hackers spend hours every day trying to find new exploits, hacking into sites and looking for opportunities to steal cash form hard working business owners, you need to put forth the same effort to protect your website. Since most do not have the time to work around the clock in keeping their website secure, you need a web hosting company that offers state-of-the-art server security. There are however some things that you can do to protect your website from hacking attacks.
Firewalls
Many people overlook the importance of securing their operating system when dealing with their website’s security. Having a strong firewall is very important to the security of your operating system, and your website. When you upload information from your hard drive to your website, it can be intercepted if you do not have a solid firewall protecting you from the outside world. There are many firewalls available, and your web host will often have one setup on your server by default. However, it is best to have a high quality firewall set up on your server and your operating system for maximum security.
Securing Your Login Credentials
When security experts talk about keeping your website protected, they are actually referring to securing the control interface of your website, as this is the area that can be used to hijack or destroy your website if accessed. When a hacker gains access to your administrative interface they are capable of executing any task that you as an administrator could do. This means they can upload content, delete content, and even steal your entire domain by transferring it another host! Thus, the first line of defense is having a strong password. Make sure your password is at least 8 characters long, with two special symbols and two upper case letters. The best way to create a secure password is to use a password generating software. You can find these online for free, and they generate highly secure passwords at the click of a button.
Strong Antivirus Software
Having a solid password and firewall will do you no good if your system is vulnerable to viruses. Viruses like keyloggers can infiltrate your system and collect personal information, such as your passwords Even if your password is 20 characters long, it can still be hacked if your computer is infected with spyware and keyloggers. Keyloggers actually log everything that you type into your computer, which means that every time you enter your passwords, the info is sent to the hacker. To prevent something like this from happening, you’ll need a strong antivirus working to protect your computer at all times. Some antivirus suites come with a firewall and a password generator, so it is possible to handle all of the above precautions with a single powerful antivirus suite.
If you are running a website on a Unix or Linux server, it is important to know that many of your files and directories must be provided with the right permissions in order to function properly. In the world of Unix-like platforms, the process of giving permissions is known as change mode or simply, CHMOD. While you definitely want the files and directories of your website to work properly, it is also imperative to set the right permissions for security purposes.
CHMOD Permission Types
There are three types of permission in the Unix environment: Read, Write and Execute. Below is an explanation on what each type of access means:
Read – This permission provides access that allows files to be read. When applied to directory, it allows the names of files in a particular directory to read. However, it does not disclose the type, size, permissions or any other information about the files.
Write - This permission provides access that allows a file to be modified. When applied to a directory, it allows files in a particular directory to be modified. This includes creating, renaming and deleting files.
Execute – This permission provides access that allows a file to be executed. The execute permission must be set for shell scripts and executable binaries in order for them to be run on the underlying operating system. When applied to a directory, it provides access that allows files and subdirectories to be accessed, but not read. Files and subdirectories can only be viewed if the directory that contains them is set to read.
CHMOD User Types
The above permissions apply to three types of users: the User, Group and Other. The User is the owner of the file and the one that has complete control. The Group is the group of users that own the file. This permission can be useful for a website that has group of people working on a project. In this instance, you could give access to those users and restrict it from others. Other refers to anyone that does not own in a file or belong in a group of users associated with the file. So if you set a file to this permission, it will automatically affect everyone else. For this reason, Other is often referred to as “the rest of the world”.
Defaults and Warnings
Files on a Unix server are usually set to 644 by default. This simply means that the owner of the file has the ability to read and write to it, while everyone else only have read access. Directories in the Unix environment are usually set to 755. This means that the owner has complete authority over the directory while every else can only read and execute the files it contains. One permission you definitely want to be careful with is CHMOD 777. When applying this setting, anyone will have the ability to read, write and execute your files or directories. This is equivalent to leaving your website open to the world and making it easy for hackers to compromise.
CHMOD Tools
While a shell prompt can be used to set permissions, many website owners choose to take the easy route by using an FTP client. The CHMOD option can usually be accessed through menus or by hovering the mouse over a file or directory and choosing the correct option. How you access it all depends on the FTP software. In most cases, you simply check the properties, or enter the corresponding permission numbers in the provided text box to set permissions.
Any organization would find it irresponsible and downright silly to not have anti-virus software installed on their office systems. Most would also have solutions in place to compensate for data restoration should their be a hardware failure or disaster caused by some sort of natural disaster. Surprisingly enough, far two many business owners are unaware that their websites are vulnerable to the same type of attacks as their local machines. This is especially the case in shared and virtual environments where a multitude of sites are running on the same server.
In May 2007, more than 90,000 sites were compromised by hackers, a large scale exploit designed to illegally install malicious code on the computers of visitors who clicked on seemingly harmless search results. A StopBadware study showed that an estimated 10% of those compromised sites were maintained by one hosting firm in particular, which accounted for 250,000 infectious websites. This is just one of many examples that prove no website is ever as safe as we might think.
Common Threats to Business Websites
Hackers employ several methods and tricks to exploit websites. Below we will focus on three that are most commonly used to attack business sites: SQL injection, cross site scripting and CRLF injection.
SQL Injection
SQL injection is by far one of the most popular website attacks employed today. This technique primarily works by sending false or malicious requests to a back-end database to manipulate the information it contains. By doing so, the attacker can view whatever information is stored in the database, change it, or erase it completely. Most websites would not exist without the presence of databases but unfortunately, any site that features shopping carts, search fields, and any type of web form is susceptible to SQL injection. The fields that require interaction from your visitors and customers could open up the door a hacker needs to thieve sensitive data and destroy your company.
Cross Site Scripting
Cross site scripting is another common attack that exploits holes in dynamic websites. Dynamic pages can allow an attacker to insert malicious code and trick an end-user into running a harmful script on their computer. If the user executes the code, the hacker could gain access to all of the sensitive information on their local machine. Cross site scripting takes advantage of numerous programming technologies including Active X, Flash, Javascript and VBScript.
CLRF Injection
Unlike most exploits, CLRF injection does not take advantage of security vulnerabilities in the operating system or web software. Instead, it exploits the manner in which the application was scripted. For instance, an attacker can insert a statement into a web form along with code from CR (Carriage Return) and LF (Line Feed) characters. The chance for exploit arises when the application mistakes this injection for a CLRF used in the initial development stage. This attack is very dangerous as it has the power to disable an entire website.
This article is not aimed to make you a website security expert, but make you aware that security for your business site should be equally important as your local machines. To assume that your business will never be exploited only exposes you to unnecessary risks that could put you out of commission effective immediately.
These days, it is more important than ever to keep your website current with the latest security measures. Why so much emphasis on security? Because hackers are always looking for ways to penetrate servers and websites to thieve sensitive information. There are is a lot you can do to ensure better website security and the tips in this article should taken very seriously.
1.) Update Your Applications and Scripts
Running outdated web applications and code on your site is liking giving hackers an open invite. So if you have older versions of WordPress or Joomla installed, it is advisable that you immediately check for and perform the necessary updates. This goes for any application or programming languages used for your site. For a knowledgeable hacker, compromising Joomla 1.0 is as easy as uploading a shell script to an insecure form. If successful, they could end up with complete control of your account.
2.) Create Strong Passwords
A password can be a simple but effective security mechanism. However, this is only the case when following a strict set of rules. When securing login sessions and other areas of your site, never apply a password that can be easily guessed by others or is used for other accounts. If someone knows just one of your passwords, they can keep trying it for each of your accounts until they are successful. This could not only lead them to the control panel login of your hosting account, but also the financial institution you do your online banking with.
3.) Mask Your Folders
It is always wise to cloak your website files and folders that are stored on the server. Many security experts suggest keeping a blank index.html file in each of the folders stored in your public directory. Doing this will ensure that the contents cannot easily be viewed by internet users. This process is made simple with the cPanel control panel and its Index Manager function. You can take this one step further by password protecting the administrator folder that contains the scripts you are running. This is highly recommended as it provides an added layer of security that will make an intruder have to work that much harder.
What If I Still Get Hacked?
As we eluded to earlier, there is a possibility that even after adhering to all of these tips and more, your website can still be compromised by a hacker. Should your site be successfully exploited, there are a couple of things you should do right away to minimize the damage. The first step that needs to be taken involves changing all of the passwords associated with your website. This goes from your control panel and administrative areas to everything else in between. Next, go through your hosting account to find and update all old applications and plugins as they could easily be the culprits that led to exposure. Any website can be compromised and if it happens to you, your sensitive information can be used for criminal gain in one way or another. Prevention is the key so employ all the measures you can to ensure you are protected against the existing and emerging threats.
Back to top