If We have learned anything during the past 4 years it is that you are
the greatest security threat to your own systems! Let's see...
- Erasing files which you thought were backed up.
- Making a quick change that was so simple it did not
require testing.
- Doing something for Company X's system- while in fact logged on to
Company Y's.
- Running system crippling applications during business hours.
- Too much coffee.
- More likely, too little coffee!
My point is that if somebody is going to trash your site it is
most likely going to be yourself! Here are some tips for protecting
your site.
- Never make changes or deletions unless you have a backup!
- Never share your password- two people knowing a secret is
not a perfect secret.
- Do not believe for a minute your safety extends beyond somebody's
lack of interest in trashing your site.
- Do not spam (flood) newsgroups with ads for your site- unless
your site is of meaning to that group. Why give somebody that
level of interest mentioned above?
- Don't put a dumb message up like, Welcome to the Invincible-
Hacker-Proof Site
- Check all Server Side Includes and CGI-BIN programs for problems-
such as allowing the passing of exec or special shell characters.
- Drink just the right amount of coffee to get the job done.
At Webspawn we use some of the STRONGEST security issues and protection schemes so that everyone gets a little more sleep every night.
- Authentication allows clients to make sure they are communicating
with the correct server. This prevents any computer from impersonating your
server or attempting to appear secure when it isn't.
- Encryption scrambles the transferred data so that any
eavesdroppers won't understand the information.
- Data integrity verifies that the data sent between client and
server wasn't altered during transfer. That is, it can tell if anyone has
added or removed data.
|