If you’ve been online recently, you may have read the news about hackers demanding a ransom from Dublin’s tram system. Visitors to the Luas website were greeted by the hackers’ message threatening to publish the stolen information unless they were paid one Bitcoin (approximately 3,300 Euros or US $3,800). While the message itself appeared to be harmless, the fact is that the hackers could just as easily have used the domain to spread malware or phishing attempts.
Events like this highlight the importance of web hosting security. Whether you own a personal passion project website or you’re the web host of several businesses with varying sizes, security should be at the top of your checklist. With proper web hosting security, you won’t only be protecting yourself but, more importantly, your clients, customers and visitors, as well.
In this article, I’ll run down some of the best practices for web hosting that you should know. You can also use the points I provided to ask the right questions if you’re looking for web hosting services.
Web hosts should limit access to their machines included in the infrastructure. This access should only be reserved for trained and authorized technicians.
SSH (Secure Socket Shell), or its equivalent, should be utilized when logging into the server. As an added precaution, password-protected RSA keys can be used.
A host can also whitelist authorized IPs for maintenance. Clients can do or modify this through the control panel included in their account.
Logins from the user root should be disabled in order to prevent bad actors from exploiting this access point. Equivalent permission can then be given to authorized admin logins.
A web hosting company should regularly monitor the network for intrusions or unauthorized activity. This helps prevent server or other related issues (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/featured/web-hosting-security-best-practices/