Web Hosting Coupon

www.liquidweb.com – Liquid Web’s security features.

What do you look for in a web host? A low price? Reliability and good support I hope. If you’re anything like today’s ambitious webmaster, you’re on the hunt for the best features. There’s a lot of programs and management tools available to make your site standout but I bet there are some features you pay no mind at all. Often overlooked but one should never forget about critical security features as they will help to keep your web hosting environment protected from an array of threats. Security features are abundant but here some you simply can’t do without:

SFTP

Short for Secure File Transfer Protocol, SFTP is more efficient and secure variation of FTP. In its purest form, FTP only has the ability to transfer files, leaving them vulnerable to a range of security breaches such as eavesdropping, tampering and even interception of the entire file. A web hosting company offering SFTP provides you with the ability to secure your files in transit with SSH (Secure Shell Host), a protocol that protects data with government recommended 128-bit encryption.

SSL

Secure Sockets Layer or SSL, should be incorporated on any website that sells products or services. SSL is a standard encryption protocol designed to keep internet communications secure. If a web hosting company doesn’t support a shared or private SSL certificate, you need to turn in the opposite direction and find yourself another provider.

Data Backups

Data backup and restoration is not only something that should be practiced with the files on your hard drive, but those on the web host’s server as well. All it takes is one technical difficulty or natural disaster for the web hosting company to lose a server and all of your website data. The good thing is that most providers perform redundant backups to ensure that your data can be restored in the event of a failure. To be on the safe side, I recommend looking into a web host that offers a utility that allows you to backup your own data.

Network Security

Aside from protecting your files and website transactions, you also need to keep an eye out for security features that protect the web hosting company’s network. Do a little research to learn how the web host is protecting their infrastructure, keeping in mind that intrusion detection systems, firewalls, DDoS protection, virus and spam filtering are common features. Servers are prime targets of hackers and malicious code writers so if the hardware is breached or goes down, your website will suffer right along with it.

These are just a few of numerous security features a web hosting company should offer to ensure the safety of your website data. Hackers are constantly trying to crack into web servers while malware writers are releasing new infectious strains everyday. A web host that doesn’t take this into mind is essentially leaving you wide open for exploitation.

A September 2009 survey released by Centrify revealed that the major barrier facing 46% of the respondents when it comes to adopting virtualization is security. In fact, only an estimated 20% of respondents said they were strongly confident in the security infrastructure of their virtualized environments. Professionals heavy into the technology sector are well aware of the security conundrum that surrounds virtualization. It has become such an issue that EMC recently assembled a panel of experts from its Ionix, RSA and Vmware divisions to put together some guidelines for adequately securing virtualized environments. What they came up with was “Security Compliance in a Virtual World,” a report that focuses on many key points that must be considered for ensuring virtualization security.

OS Hardening

The configuration for virtual machines and switches must be hardened just like your physical boxes and network switches. The underlying operating system must also be hardened through routine patches and updates, removal of unused components and maintaining secure settings. The EMC report suggests modeling virtual systems after the guidelines from the CIS (Center for Internet Security) and DISA (Defense Information Systems Agency) as they are viewed as well established security practices.

Configuration and Change Management

Since virtualization technology makes it simple to deploy new virtual machines and modify their set ups, it becomes very easy to fall into a chaotic state of configuration when it comes time to managing the environment. Even when systems are adequately hardened during installation, it is still important for organizations to stay on top of the environment to ensure a secure configuration. This means that when system settings are modified or new software applications are added, administrators are making sure the virtual system continues to meet what the EMA report calls the “gold standard” of configuration.

Access Control

Practical security polices such as least privilege and separation of duty should not be thrown to the wayside just because virtualization has come into the picture. Instead, such principles should become more essential than ever. The presence of virtualization results in increased density of all the systems and applications on your server. This is more convenient for your organization as well as the intruder who may be able to manipulate these systems if proper access control is not enforced and maintained. The report suggests that solution providers aid their staff and clients in understanding the importance of role-based access control both in and out of the virtual environment.

Network Security and Segmentation

Companies operating virtual servers lacking any sort of segmentation are far more vulnerable to exploit and exposure than organizations making use of virtual switches to incorporate those virtual machines into virtual local area networks like their physical counterparts. The security report explains that one of the most essential factors in compliance is ensuring that data is isolated and not mingled with or available to users on other virtual machines. Organizations that possess expertise in the network security field should put it to use in the virtualization environment. This can be done by obtaining virtual switches and other virtual security mechanisms such as firewalls and intrusion protection systems to protect network perimeters.