Saturday, January 19, 2008

Site Security Issues Abound

It has happened web wide and it has happened to the best of the best - NASA, DOD, Google, Microsoft as well as the New York Times. Hacking is big business and very often isn’t profitable or isn’t actively malicious, it is just good fun for bored people. Last year, in October, Google blog was hacked, ironically not long after their post regarding their security was published. In April of this year, a user-end security flaw, which was exploited on AdWords, let a malicious file be installed onto the users’ personal systems which was used to take their passwords and get into their accounts. In this day and age of security breaches, nothing is sacred. Not theirs, and certainly not yours. Chances are that your web site is safe, but do you know that for a fact. Many of the new users to the web site industry rely on a thing we used to call security by obscurity. They presumed that because they were not large and well to do companies or offered services that no one would be interested in and that security was a waste of time and effort. Nothing could be further from the truth. Your best defense against a cracker is to defend yourself. Software has its place, granted, but some of the best defenses against being hacked are very little more than common sense. Social engineering is responsible for more infiltration than any amount of hacking has ever accomplished. A few simple rules of thumb • If you are going to be selling through an e-cart or store front on your web site, make sure you know enough about the software to secure it and if you don’t, hire someone who does. DON’T give out your server password to anyone, for any reason, unless they work for you. Limit the access to the server to people who really have need of it and when they no longer do, delete the account. • KNOW how to operate your own server and maintain your equipment Check your web log regularly for strange or unusual activity. (There is actually software which will do this for you, such as “Tripwire” and “Inet Security Scanner” for Windows that will help you keep track of your log files and send you an alert if there is any strange behavior there.) • Always keep a complete backup of your website and all the files it contains. Keep one on your computer as well and make sure that you update the backup weekly to provide for changes that you’ve made recently. • Keep all of your web site software updated. If you use a forum, make sure to update it regularly. Many of the updates are security upgrades that you don’t want to miss out on. Get the scoop on adware, malware and spyware issues as well as how to protect your PC from intruders at: Adaware In order to obtain more information on website security and other steps you can take to prevent viruses and malware, log on to

No comments: