When was your last penetration test?

Penetration testing is an essential tool in the armory against hackers and a practical way to verify your website security. During a penetration test, the security of your website is evaluated by simulating an attack from malicious hackers. The penetration tester will analyze and probe your website for any potential vulnerabilities and weaknesses. Although from a theoretical point of view you may consider your website security to be sufficient, a penetration test will prove this in an …

The benefits of SFTP in website security

One of the most common operations performed by a web server is the transfer of files. The primary function of a web server is to deliver web pages (made up of HTML files, image files, etc.) to a web browser. Naturally, these files must be uploaded to the web server before they can be downloaded by a web browser. The problem with the ubiquitous FTP command is that it is unencrypted. This means that all commands and data sent to and from the server are sent in the clear. SFTP, or Secure FTP, …

How to manage your privileged (root) accounts?

All Unix-type operating systems, including Linux and FreeBSD, have a very simple user privilege model. There are two types of users: normal users with limited privileges and super users with full system privileges. The standard super user account is known as root. The advantage of this model is that the super user can do anything permitted by the system without restriction. This makes it a very powerful account for administering the system. However, it also makes it a large sledgehammer to crack …

Are you protected against Denial of Service (DoS) attacks?

A “denial of service” attack is an attempt to overwhelm a server with excessive requests and so deny its users access to a website. The symptoms of a denial of service attack include slow network performance, unavailability of a web service, or the inability to access a website. The aim of a denial of service attack is to consume the resources of the server (bandwidth, disk space, or CPU time) so that the server becomes unresponsive. When considering website security, system administrators …

Why you should avoid shared web hosting?

Shared hosting is often the most economical form of website hosting, as multiple websites reside on a single web server and so the server costs are spread amongst lots of people. However, this economization and common usage of a single web server also means that untrusted and unknown account holders have access to the server that is hosting your website. This leads to potential security weaknesses which ultimately will detract from your website security. Although all operating systems allow …

The Importance of SSL in Website Security

The Importance of SSL in Website Security by ArtSec

The majority of Internet-related protocols, including the Hypertext Transfer Protocol (HTTP), the Simple Mail Transfer Protocol (SMTP) and the Post Office Protocol (POP3), are unencrypted and send and receive information in plain text. This means that an attacker or cyber criminal can record and analyze Internet traffic and discover usernames, passwords, credit card information, social security numbers, dates of birth and so on. To increase website security, data sent to and from a web …