Website Security
If you are not concerned with the security of your Website, you should be…
Security must involve a multi-tiered defense. Most of us know that this is true, but many don’t follow it—which is why hackers and hijackers are still in business.
Tier 1—The Web Server
The security of your Website depends upon the installation and active use of strong, industry-standard security software and installation of security-related updates to the core software and extensions used by your site.
Tier 2—Client Systems
You cannot control what, if any, security software visitors to your Website install on their PCs, laptops, notepads, or Web-capable cell or smart phones. However, you must secure any machine you and your staff use to interact with your Website. This involves:
- Setting & enforcing security policies
- Installing & updating industry-standard strong security software on your machines
- Actively monitoring your internal network and Intranet (if you have one)
Tier 3—Monitoring
You must monitor your Website on a daily basis to learn of any attacks attempted and how your server-side security software handled them. This allows you to adjust security configurations; for instance, you may need to block certain Internet domains by “blacklisting” offending Internet addresses (IP addresses).
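As an added illustration of this daily review (not code from this page's author), the Python script below reads a Web server access log, counts per IP address how many requests were refused and how many were served, and lists the addresses that are candidates for blacklisting. It assumes the Apache/Nginx "combined" log format, treats 401 and 403 responses as refusals, and uses a hypothetical threshold of 3; the log lines and the /admin/login path are constructed samples.

```python
import ipaddress
import re
from collections import Counter

# Assumed format: Apache/Nginx "combined" access log (IP, timestamp, request, status).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')
DENIED = {"401", "403"}  # assumption: statuses the server-side protection returns on refusal
THRESHOLD = 3            # hypothetical cut-off; tune to your own traffic

# Constructed sample log lines (documentation-only IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:02:11:01 +0000] "POST /admin/login HTTP/1.1" 403 199 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:02:11:02 +0000] "POST /admin/login HTTP/1.1" 403 199 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:02:11:03 +0000] "POST /admin/login HTTP/1.1" 403 199 "-" "curl/8.0"
198.51.100.23 - - [10/Mar/2024:02:15:40 +0000] "POST /admin/login HTTP/1.1" 401 180 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:02:15:52 +0000] "POST /admin/login HTTP/1.1" 401 180 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:02:16:05 +0000] "POST /admin/login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:09:00:12 +0000] "GET / HTTP/1.1" 200 8042 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:09:00:15 +0000] "GET /logo.png HTTP/1.1" 200 2101 "-" "Mozilla/5.0"
this line is malformed and is skipped
"""

def summarize(log_text):
    """Return (denied, served) Counters keyed by client IP address."""
    denied, served = Counter(), Counter()
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not a combined-format line
        ip, status = match.groups()
        try:
            ipaddress.ip_address(ip)  # reject hostnames or garbage in the IP field
        except ValueError:
            continue
        (denied if status in DENIED else served)[ip] += 1
    return denied, served

def blocklist_candidates(log_text, threshold=THRESHOLD):
    """IPs whose refused-request count reaches the threshold, sorted."""
    denied, _ = summarize(log_text)
    return sorted(ip for ip, count in denied.items() if count >= threshold)

if __name__ == "__main__":
    denied, served = summarize(SAMPLE_LOG)
    for ip in blocklist_candidates(SAMPLE_LOG):
        print(f"{ip}: {denied[ip]} refused, {served[ip]} served")
```

An address that was refused and then served on the same login path, like the second one in the sample, deserves a manual look even when it stays below the threshold.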
How Do I Help?
First, I configure the CMS according to the best security practices for that CMS based on my research of current industry standards and practices.
Next, I install and configure very strong security extensions on each Website I create.
Finally, I provide my clients the documentation allowing them to maintain the security of their Websites.
If you wish, you can retain me to maintain your site after I’ve deployed it for you.
Many individuals and groups are active in the Ether looking for Websites that they may hack or hijack. Why? These people are motivated by a variety of factors: politics, greed, or just whim. Consider this example:
Church Site Hijacking
Overnight, someone or some group had successfully conducted a DNS hijacking to support a phishing scheme to collect login credentials and personally identifying information of customers of a major foreign bank. The bank quickly discovered the illegal “302 Open redirect” and fired off a demand to the Web Hosting company to shut down the offending Website. The Web Hosting company complied immediately.
How Did This Happen?
Most likely someone who used the PC in the church office had opened an email containing malware that was automatically downloaded and installed without the user’s knowledge. The malware obtained access to the then-unprotected Windows password file and also communicated back to the server controlling the botnet to which the church’s PC had been inadvertently attached.
Was This Resolved?
Yes, but with some difficulty.
- First, we had to obtain industry-standard security software and install it on the infected PC AFTER using valid, industry-standard tools to find and eliminate the installed malware.
- When the security software was installed and updated, we ran a complete check on the PC for any remnants or other potentially dangerous code.
- We deleted all entries in the Windows password file.
- We removed the capability provided by installed Web browsers to store individual passwords.
- We reset and secured login credentials to the Web Management software then used by church staff to update the content on their Website.
- Finally, the Web developer deleted all server files on the Web Host and restored a backup of those files that had been made prior to the malware infection.
The church certified these actions with the Web Hosting company, the server technicians employed by the Web Host confirmed the removal of malware from the church’s server files, and the Web Host unblocked the site. In this case, the content lost was limited to calendar data that was quickly re-added.